CVE-2018-20816

Name of the Vulnerable Software and Affected Versions: SalesAgility SuiteCRM versions 7.x through 7.8.23 SalesAgility SuiteCRM versions 7.10.x through 7.10.10

Description: The issue is related to a combination of XSS and CSRF vulnerabilities. It affects the "add dashboard pages" feature, allowing malicious attacks through phished URLs, which can lead to script execution and cookie stealing, also known as session hijacking.

Recommendations: For SalesAgility SuiteCRM versions 7.x through 7.8.23, update to version 7.8.24 or later. For SalesAgility SuiteCRM versions 7.10.x through 7.10.10, update to version 7.10.11 or later.