6.1
CVE-2025-64491
- EPSS 0.17%
- Veröffentlicht 08.11.2025 00:45:07
- Zuletzt bearbeitet 25.11.2025 17:33:02
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and below allow unauthenticated reflected Cross-Site Scripting (XSS). Successful exploitation could lead to full account takeover, for example by altering the login form to send credentials to an attacker-controlled server. As a reflected XSS issue, exploitation requires the victim to open a crafted malicious link, which can be delivered via phishing, social media, or other communication channels. This issue is fixed in version 7.14.8.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Salesagility ≫ Suite CRM Version < 7.14.8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.062 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/SuiteCRM/SuiteCRM/commit/40da2845a170832a4e9e9fa0ebe731f8c34de42d
https://github.com/SuiteCRM/SuiteCRM/security/advisories/GHSA-prfm-6667-x3mv