SugarCRM · SugarCRM Enterprise · CVE-2019-14974
**Name of the Vulnerable Software and Affected Versions**
SugarCRM Enterprise version 9.0.0
**Description**
The issue allows a cross-site scripting (XSS) attack, in which an attacker injects malicious scripts into a website, potentially stealing user data or taking control of the user's session. A bypass for this issue has been reported, indicating that it may still be exploitable in some cases.
**Recommendations**
There is currently no information about a version newer than SugarCRM Enterprise 9.0.0 that contains a fix for this issue.