Amame04

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.6 SuiteCRM versions prior to 8.7.1 Description: The issue is caused by insufficient input value validation, leading to Blind SQL injection in the DeleteRelationShip function. This allows for potential exploitation. Users are advised to upgrade to address the issue. Recommendations: For versions prior to 7.14.6, upgrade to version 7.14.6 or later. For versions prior to 8.7.1, upgrade to version 8.7.1 or later. As a temporary workaround, consider restricting access to the DeleteRelationShip function until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Craft CMS 5 (affected versions not specified) Description: The issue is related to stored XSS that can be triggered by the breadcrumb list and title fields with user input. Malicious users can tamper with the control panel. The vulnerability can be exploited in various pages, including the /admin/categories page, category edit page, /admin/entries page, entry edit page, and /admin/myaccount page. The `title` column and `username` or `full name` in the breadcrumb list are not sanitized, allowing XSS to be triggered. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.