Vulnerability Database

300,214

Total vulnerabilities in the database

CVE-2025-41384

Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary domain but will allow the JavaScript code to execute.

Published: Oct 27, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-41384
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
salesagility / suitecrm	7.14.1	7.14.1.x

https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-suitecrm

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo