CVE-2025-54783

Medium CVSS: 5.1

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.6 and below have a Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include some arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but allow the JavaScript code to execute. This is fixed in version 7.14.7.

Vendor

Salesagility

Product

Suitecrm

CWE

CWE-79

Yayın Tarihi

2025-08-07 01:15:25

Güncelleme

2025-08-12 20:56:37

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Suitecrm MEDIUM Salesagility 2025

Referanslar

https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_7 https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-vqrj-gp9m-8c6r

Benzer Kayıtlar

High

CVE-2025-64492

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0…

Medium

CVE-2025-64493

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.…

Medium

CVE-2025-64491

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64489

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.…

High

CVE-2025-64488

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.…