CVE-2021-39268

Name of the Vulnerable Software and Affected Versions SuiteCRM versions prior to 7.11.19

Description The issue allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files, bypassing the clean file output protection mechanism. This enables the execution of arbitrary code, potentially leading to unauthorized access or data manipulation.

Recommendations For versions prior to 7.11.19, update to version 7.11.19 or later to resolve the issue. As a temporary workaround, consider restricting the upload of SVG files or disabling the web interface until the update is applied.