CVE-2020-28956

Name of the Vulnerable Software and Affected Versions: SugarCRM version 6.5.18

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Sales module. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.

Recommendations: For SugarCRM version 6.5.18, as a temporary workaround, consider restricting input to the primary address state and alternate address state fields to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.