CVE-2026-29100

CVSS v3.1

7.1

High

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Version 7.15.1 patches the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-29100

Affected Products

Suitecrm

CVE-2026-29100

Weakness Enumeration

Related Identifiers

Affected Products

References · 2