QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-54784

Back to search

CVE-2025-54784

Published: Aug 7, 2025

Modified: Aug 7, 2025

PUBLISHED

Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vulnerability in the email viewer in versions 7.14.0 through 7.14.6. An external attacker could send a prepared message to the inbox of the SuiteCRM-instance. By simply viewing emails as the logged-in user, the payload can be triggered. With that, an attacker is able to run arbitrary actions as the logged-in user - like extracting data, or if it is an admin executing the payload, takeover the instance. This is fixed in versions 7.14.7.

VendorProductVersions

SuiteCRM

SuiteCRM

affected
>= 7.14.0, < 7.14.7

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now