14 Nov 2023
Vulnerability CVE-2023-6126
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. (CVSS:4.3) (Last Update:2023-11-14 16:15:28)
Vulnerability Details:
Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Exploit prediction scoring system (EPSS) score for CVE-2023-6126
We don't have an EPSS score for this CVE yet.
CVSS scores for CVE-2023-6126
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | 2.8 | 1.4 | [protected e-mail address] |
CWE ids for CVE-2023-6126
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: [protected e-mail address] (Secondary)
References for CVE-2023-6126
- https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 SuiteCRM 7.14.2 Release · salesagility/SuiteCRM@54bc56c · GitHub
- https://huntr.com/bounties/e22a9be3-3273-42cb-bfcc-c67a1025684e HTML injection in Tittle vulnerability found in suitecrm