JVNDB-2006-000654

[Japanese]
JVNDB-2006-000654
SugarCRM cross-site scripting vulnerability
Overview
SugarCRM, an open source CRM (Customer Relationship Management) package, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score] Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

SugarCRM SugarCRM 4.2.1b and earlier SugarCRM 4.0.1g and earlier SugarCRM 3.5.1h and earlier

Impact
An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking.
Solution

Vendor Information
SugarCRM SugarCRM Forums : Sugar Suite 4.2.1 Patch C Now Available for Download SugarCRM Forums : Sugar Suite 4.0.1 Patch H Now Available for Download SugarCRM Forums : Sugar Suite 3.5.1 Patch I Now Available for Download
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#30144870
Revision History
[2008/05/21] Web page published

SugarCRM cross-site scripting vulnerability