XSS and CSRF Vulnerability in SalesAgility SuiteCRM Allows Session Hijacking

CVE-2018-20816 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A combined XSS and CSRF vulnerability in SalesAgility SuiteCRM 7.x before 7.8.24 and 7.10.x before 7.10.11 leads to cookie stealing, aka session hijacking. The issue affects the "add dashboard pages" feature: a user who opens a phished URL has the attacker's script executed.
