CVE-2018-20816
- Source
- https://cve.org/CVERecord?id=CVE-2018-20816
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20816.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-20816
- Published
- 2019-04-05T16:29:00.240Z
- Modified
- 2026-04-10T04:10:06.055081Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
- References
Affected packages
Git / github.com/salesagility/suitecrm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/salesagility/suitecrm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "versions": [ { "introduced": "7.0.0" }, { "fixed": "7.8.24" }, { "introduced": "7.10.00" }, { "fixed": "7.10.11" } ] }
Affected versions
7.*
7.9.6
v.*
v.7.9.11
v7.*
v7.0.2
v7.1
v7.1.1
v7.1.2
v7.1.3
v7.1.4
v7.10.0
v7.10.1
v7.10.10
v7.10.2
v7.10.3
v7.10.4
v7.10.5
v7.10.6
v7.10.7
v7.2
v7.2.1
v7.2beta
v7.2beta2
v7.3
v7.3-beta
v7.3.1
v7.3.2
v7.4.1
v7.4.2
v7.4.3
v7.5-beta
v7.5-beta.2
v7.5.1
v7.6
v7.6.1
v7.7
v7.7-beta1
v7.7-beta2
v7.7-rc
v7.7-rc2
v7.7.2
v7.7.3
v7.7.4
v7.8.0
v7.8.0-beta
v7.8.0-beta.2
v7.8.0-rc
v7.8.1
v7.8.11
v7.8.12
v7.8.14
v7.8.15
v7.8.16
v7.8.17
v7.8.18
v7.8.19
v7.8.2
v7.8.20
v7.8.21
v7.8.22
v7.8.23
v7.8.3
v7.8.4
v7.8.5
v7.8.9
v7.9.0
v7.9.0-beta
v7.9.0-rc
v7.9.1
v7.9.10
v7.9.11
v7.9.12
v7.9.13
v7.9.14
v7.9.3
v7.9.4
v7.9.5
v7.9.8