漏洞描述
SugarCRM 3.5.1易受通过phprint.php和查询字符串中的参数名称(又名$key变量)进行跨站点脚本编写的攻击。
SugarCRM 3.5.1 XSS (CVE-2018-5715)
PoC代码
暂无相关漏洞推荐
-
CVE-2018-5715: SugarCRM 3.5.1 - Cross-Site Scripting POC
2025-08-01 | SugarCRMSugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the que... -
CVE-2019-14974: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting POC
2025-08-01 | SugarCRM EnterpriseSugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-support... -
CVE-2023-22952: SugarCRM Unauthenticated - Remote Code Execution POC
2025-08-01 | SugarCRMIn SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the Emai... -
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...