CVE-2020-28955

Name of the Vulnerable Software and Affected Versions: SugarCRM version 6.5.18

Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields in the Create Employee module. This enables the execution of malicious code on the affected system.

Recommendations: For SugarCRM version 6.5.18, consider disabling the Create Employee module until a patch is available to prevent exploitation of the cross-site scripting issue. Restrict access to the First Name and Last Name input fields to minimize the risk of malicious code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.