Description

An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.

Remediation

References

CVE-2017-14510

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2007-0177)

Joomla Improper Input Validation Vulnerability (CVE-2006-4468)

Oracle JRE CVE-2023-21937 Vulnerability (CVE-2023-21937)

Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2018-20506)

RubyGems Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-0899)

Severity

Medium

Classification

CVE-2017-14510 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities