MEDIUM🇬🇧 English

CVE-2026-29106

CVSS 5.9v3.1pub. 2026-03-19upd. 2026-03-24

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotation marks. Versions 7.15.1 and 8.9.3 patch the issue. Users should also use a Content Security Policy (CSP) header to completely mitigate XSS.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
  • Suitecrm

    APP
    Suitecrm
    < 7.15.18.0.0 – 8.9.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2026-29103CRITICAL9.1PL ✓ten sam produkt

RCE w SuiteCRM — bypass patcha CVE-2024-49774 przez błąd w ModuleScanner

CVE-2026-33288HIGH8.8ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prio...

CVE-2026-29189HIGH8.1ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prio...

CVE-2026-29109HIGH8.6ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Vers...

CVE-2026-33289HIGH8.8ten sam produkt

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prio...

CVE-2026-29106 — MEDIUM 5.9 | CVEbaza.pl