CVE-2006-6712

Published: Dec 23, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.

Affected (1)

Products: Sugarcrm: Sugarcrm

Sugarcrm

1 product

Sugarcrm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sugarcrm Sugarcrm	Up to 4.5.0f

References (12)

http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf

Source: cve@mitre.org

URL Repurposed

http://jvn.jp/jp/JVN%2374079537/index.html

Source: cve@mitre.org

http://secunia.com/advisories/23424

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1017434

Source: cve@mitre.org

http://www.securityfocus.com/bid/21694

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/5100

Source: cve@mitre.org

http://dl.sugarforge.org/sugardocs/Notes/ReleaseNotes/SugarOpenSource_ReleaseNotes_4.5.0g.pdf