Description

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).

Remediation

References

CVE-2018-5715

Related Vulnerabilities

PostgreSQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2020-25694)

WordPress Plugin WP Bannerize 'ajax_sorter.php' SQL Injection (2.8.7)

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)

WordPress Plugin Frontend File Manager Arbitrary File Upload (3.3)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35615)

Severity

Medium

Classification

CVE-2018-5715 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities