CVE-2021-31792

Description

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field

How to fix CVE-2021-31792

To remediate CVE-2021-31792, upgrade the affected package to a fixed version below.

• Bitnami/suitecrm—upgrade to 7.11.19 or later

Is CVE-2021-31792 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 7.11.19

CVSS scores

References (4)

• WEBchris-forbes.github.io/CVE-2021-31792
• WEBdocs.suitecrm.com/admin/releases/7.11.x/#_7_11_19
• WEBgithub.com/salesagility/SuiteCRM
• WEBnvd.nist.gov/vuln/detail/CVE-2021-31792