What the vulnerability does
01Description
Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2.
CVE-2023-6128
MEDIUM
CVE-2023-6128: Cross-site Scripting (XSS) - Reflected in salesagility/suitecrm
CVSS base score
6.8/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
November 14, 2023
CVE published
January 8, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-38219 Validate Your Inputs | Cross-site Scripting (Stored XSS) (CWE-79) - Customer to Admin stored XSS with Gift wrapping
CVE-2021-41261 Stored Cross-site Scripting in Galette
CVE-2025-48055 Combodo iTop has stored XSS in user portal's browse brick
CVE-2020-15253 Stored XSS in Grocy
CVE-2024-1782 Blue Triad EZAnalytics <= 1.0 - Reflected Cross-Site Scripting via 'bt_webid'
