An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-05T13:05:07

Updated: 2024-08-05T12:12:27.001Z

Reserved: 2019-04-05T00:00:00

Link: CVE-2018-20816

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-04-05T16:29:00.240

Modified: 2021-07-22T15:50:43.980

Link: CVE-2018-20816

cve-icon Redhat

No data.