CVE-2018-20816

medium

Description

An XSS combined with CSRF vulnerability discovered in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. This issue affects the "add dashboard pages" feature where users can receive a malicious attack through a phished URL, with script executed.

References

https://github.com/salesagility/SuiteDocs/pull/198/files

https://docs.suitecrm.com/admin/releases/7.8.x/#_7_8_24

https://docs.suitecrm.com/admin/releases/7.10.x/#_7_10_11

Details

Source: Mitre, NVD

Published: 2019-04-05

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00186