{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20100316 SugarCRM Stored XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/510116/100/0/threaded"}, {"name": "38772", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38772"}, {"name": "38962", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38962"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20100316 SugarCRM Stored XSS vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510116/100/0/threaded"}, {"name": "38772", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38772"}, {"name": "38962", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38962"}, {"name": "http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa", "refsource": "CONFIRM", "url": "http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:52:18.947Z"}, "title": "CVE Program Container", "references": [{"name": "20100316 SugarCRM Stored XSS vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/510116/100/0/threaded"}, {"name": "38772", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38772"}, {"name": "38962", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38962"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0465", "datePublished": "2010-03-19T19:00:00.000Z", "dateReserved": "2010-01-29T00:00:00.000Z", "dateUpdated": "2024-08-07T00:52:18.947Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2.0g:*:*:*:*:*:*:*", "matchCriteriaId": "699A9586-0683-4DAA-9E5C-662C0630C6EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2a:*:*:*:*:*:*:*", "matchCriteriaId": "439E75C4-C02D-4905-9D73-CE27D6A54C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:*:*:*:*:*:*", "matchCriteriaId": "6BF95EA0-16E7-4173-AEC8-D66A3F8FB62B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:*:*:*:*:*:*", "matchCriteriaId": "BFA524F8-A78F-414A-A5AC-1A89901BD917", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:*:*:*:*:*:*", "matchCriteriaId": "CFCC9802-4642-4331-9D56-4E1F76151E24", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2f:*:*:*:*:*:*:*", "matchCriteriaId": "7922DB4E-9812-4636-A61D-8D201CE92D93", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2g:*:*:*:*:*:*:*", "matchCriteriaId": "57A8ECCF-AAEC-49B1-B474-E4DD14EE7CF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.2h:*:*:*:*:*:*:*", "matchCriteriaId": "5AC18299-07B6-46BB-93DF-E642FE637395", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.5:beta1:*:*:*:*:*:*", "matchCriteriaId": "B1E9C26A-6845-45C3-A801-E5F1B5B9B0E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.5:beta2:*:*:*:*:*:*", "matchCriteriaId": "EF6C4B76-D1CD-4B58-A9FF-5D35EEAC89EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sugarcrm:sugarcrm:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "3943C856-B008-4E66-802B-762D28B679A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad de documentos en l\u00ednea en SugarCRM v5.2.x anterior a v5.2.0l y v5.5.x anterior a v5.5.0a permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del campo \"Document Name\"."}], "id": "CVE-2010-0465", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-03-19T19:30:00.453", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/38962"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/510116/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38772"}, {"source": "cve@mitre.org", "url": "http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38962"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/510116/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sugarcrm.com/crm/support/bugs.html?task=view&caseID=db4489b7-b5a8-4a6d-555b-4b9ffa7b4ffa"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}