Description

Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.

Remediation

References

CVE-2005-0266

Related Vulnerabilities

WordPress Plugin Banner Effect Header Cross-Site Request Forgery (1.2.6)

PHP Other Vulnerability (CVE-2002-2215)

WordPress Plugin Rencontre-Dating Site Security Bypass (1.6.9)

WordPress Plugin Yoast SEO Cross-Site Scripting (3.2.5)

WordPress Plugin Google Calendar Events Cross-Site Scripting (2.0.3.1)

Severity

Medium

Classification

CVE-2005-0266

Tags

Missing Update Known Vulnerabilities