An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-05T13:05:07
Updated: 2024-08-05T12:12:27.001Z
Reserved: 2019-04-05T00:00:00
Link: CVE-2018-20816
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-04-05T16:29:00.240
Modified: 2021-07-22T15:50:43.980
Link: CVE-2018-20816
Redhat
No data.