CVE-2019-14974 PoC — SugarCRM Enterprise 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-14974.yaml

Associated Vulnerability

Title:SugarCRM Enterprise 跨站脚本漏洞 (CVE-2019-14974)
Description:SugarCRM Enterprise是美国SugarCRM公司的一套开源的客户关系管理系统（CRM）的企业版。该系统支持对不同的客户需求进行差异化营销、管理和分配销售线索，实现销售代表的信息共享和追踪。 SugarCRM Enterprise 9.0.0版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Description

SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.

File Snapshot


 id: CVE-2019-14974

info:
  name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
  author: madrobo

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!