PT-2025-32236 · Suitecrm · Suitecrm

Jack7Anderson7 · Published 2025-08-07 · Updated 2025-08-12 · CVE-2025-54783

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.14.6 and below
Description: SuiteCRM is an open-source Customer Relationship Management (CRM) application that is susceptible to a Reflected Cross-Site Scripting (XSS) issue. An attacker can execute JavaScript code in a victim's browser by manipulating the HTTP Referer header so that it includes a malicious domain containing JavaScript code. The server attempts to block the domain but still allows the embedded JavaScript code to execute.
Recommendations: Upgrade to SuiteCRM version 7.14.7 or later.

Tags: XSS

Related Identifiers

CVE-2025-54783
GHSA-VQRJ-GP9M-8C6R

Affected Products

Suitecrm