CVE-2026-29105
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.4 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Description
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulnerability in the WebToLead capture functionality. A user-supplied POST parameter is used as a redirect destination without validation, allowing attackers to redirect victims to arbitrary external websites. This vulnerability allows attackers to abuse the trusted SuiteCRM domain for phishing and social engineering attacks by redirecting users to malicious external websites. Versions 7.15.1 and 8.9.3 patch the issue.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-601
Source
NVD
Vendor
SuiteCRM
Product
SuiteCRM
Discussion (0)
Add Comment
No comments yet. Be the first!