JVNDB-2006-000849

[Japanese]
JVNDB-2006-000849
SugarCRM cross-site scripting vulnerability
Overview
SugarCRM, open source CRM (Customer Relationship Management) software, contains a cross-site scripting vulnerability. This vulnerability is different from JVN#30144870.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score] Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

SugarCRM SugarCRM 4.5.0f and earlier

Impact
An arbitrary script could be executed on the user's web browser where the user logged into SugarCRM. If an attacker obtains session information from a cookie, an attacker could possibly conduct session hijacking.
Solution

Vendor Information
SugarCRM SugarCRM : Top Page SugarCRM Forums : Sugar 4.5.0 Patch G Now Available for Download
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2006-6712
References
JVN : JVN#74079537 National Vulnerability Database (NVD) : CVE-2006-6712 Secunia Advisory : SA23424 SecurityFocus : 21694 SecurityTracker : 1017434 FrSIRT Advisories : FrSIRT/ADV-2006-5100
Revision History
[2008/05/21] Web page published

SugarCRM cross-site scripting vulnerability