14 Nov 2023
Vulnerability CVE-2023-6128
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. (CVSS:6.8) (Last Update:2023-11-14 16:15:28)
Vulnerability Details:
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2023-6128
We don't have an EPSS score for this CVE yet.
CVSS scores for CVE-2023-6128
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
6.8 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.9 | 5.9 | [e-mail address protected] |
CWE ids for CVE-2023-6128
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: [e-mail address protected] (Secondary)
References for CVE-2023-6128
- https://github.com/salesagility/suitecrm/commit/54bc56c3bd9f1db75408db1c1d7d652c3f5f71e9 SuiteCRM 7.14.2 Release · salesagility/SuiteCRM@54bc56c · GitHub
- https://huntr.com/bounties/51406547-1961-45f2-a416-7f14fd775d2d Reflected XSS via Upgrade Wizard vulnerability found in suitecrm