CVE-2025-54784
- Source
- https://cve.org/CVERecord?id=CVE-2025-54784
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54784.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54784
- Aliases
-
- GHSA-vg8q-xcq5-mh3p
- Published
- 2025-08-07T00:07:07.525Z
- Modified
- 2026-04-10T05:29:40.491592Z
- Severity
-
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer
- Details
-
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance. By simply viewing emails as the logged-in user, the payload can be triggered. With that, an attacker is able to run arbitrary actions as the logged-in user - like extracting data, or if it is an admin executing the payload, takeover the instance. This is fixed in versions 7.14.7.
- Database specific
{ "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/54xxx/CVE-2025-54784.json", "cna_assigner": "GitHub_M" }- References