Back to CVE List

CVE-2026-29105

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.4 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Vulnerability Description

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulnerability in the WebToLead capture functionality. A user-supplied POST parameter is used as a redirect destination without validation, allowing attackers to redirect victims to arbitrary external websites. This vulnerability allows attackers to abuse the trusted SuiteCRM domain for phishing and social engineering attacks by redirecting users to malicious external websites. Versions 7.15.1 and 8.9.3 patch the issue.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-601
Source
NVD
Vendor
SuiteCRM
Product
SuiteCRM

External References

Discussion (0)

Add Comment

No comments yet. Be the first!