{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T13:01:44.434","vulnerabilities":[{"cve":{"id":"CVE-2020-28956","sourceIdentifier":"cve@mitre.org","published":"2021-10-22T20:15:10.740","lastModified":"2024-11-21T05:23:22.810","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields."},{"lang":"es","value":"Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el módulo de ventas de SugarCRM versión v6.5.18, permiten a atacantes ejecutar scripts web arbitrarios o HTML por medio de cargas útiles diseñadas introducidas en los campos de entrada the primary address state o alternate address state"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sugarcrm:sugarcrm:6.5.18:*:*:*:*:*:*:*","matchCriteriaId":"FE6D1FAF-2303-4975-B48C-86834E2A61F5"}]}]}],"references":[{"url":"https://www.vulnerability-lab.com/get_content.php?id=2249","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulnerability-lab.com/get_content.php?id=2249","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}