CVE-2018-5715

MEDIUM NUCLEI

SugarCRM 3.5.1 - XSS

Title source: llm

Description

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).

Exploits (1)

exploitdb WORKING POC
by Guilherme Assmann · textwebappsphp
https://www.exploit-db.com/exploits/43683

Nuclei Templates (1)

SugarCRM 3.5.1 - Cross-Site Scripting
MEDIUMby edoardottt
Shodan: http.html:"SugarCRM Inc. All Rights Reserved" || http.title:sugarcrm || http.html:"sugarcrm inc. all rights reserved"
FOFA: body="sugarcrm inc. all rights reserved" || title=sugarcrm

References (2)

Scores

CVSS v3 6.1
EPSS 0.0344
EPSS Percentile 87.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
sugarcrm/sugarcrm 3.5.1
Published Jan 16, 2018
Tracked Since Feb 18, 2026