CVE-2019-14974

MEDIUM NUCLEI

SugarCRM - XSS

Title source: rule

Description

SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.

Exploits (2)

exploitdb WRITEUP
by Ilca Lucian Florin · text · webapps · php
https://www.exploit-db.com/exploits/47247
nomisec SCANNER 4 stars
by conan-sudo · poc
https://github.com/conan-sudo/CVE-2019-14974-bypass

Nuclei Templates (1)

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
MEDIUM by madrobot
Shodan: http.html:"sugarcrm inc. all rights reserved" || http.title:sugarcrm
FOFA: body="sugarcrm inc. all rights reserved" || title=sugarcrm

Scores

CVSS v3 6.1
EPSS 0.4729
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
sugarcrm/sugarcrm 9.0.0
Published Aug 14, 2019
Tracked Since Feb 18, 2026