Description

Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.

Remediation

References

CVE-2005-0266

Related Vulnerabilities

WordPress Plugin Browser and Operating System Finder Cross-Site Request Forgery (1.1)

WordPress Plugin Modern Events Calendar Lite Arbitrary File Upload (7.11.0)

WordPress Plugin Easy Comment Uploads 'upload.php' Arbitrary File Upload (0.61)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-1861)

WordPress Plugin WP eCommerce Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (3.8.9)

Severity

Medium

Classification

CVE-2005-0266

Tags

Missing Update Known Vulnerabilities