Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-18T00:29:21
Updated: 2024-08-04T02:06:41.342Z
Reserved: 2021-08-18T00:00:00
Link: CVE-2021-39268
NVD
Status: Analyzed
Published: 2021-08-18T01:15:06.190
Modified: 2021-08-24T12:53:53.263
Link: CVE-2021-39268