Unrated severityNVD Advisory· Published Jan 1, 2005· Updated Apr 16, 2026
CVE-2005-0266
CVE-2005-0266
Description
Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.
Affected products
13cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.0f:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.0g:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.1a:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.1b:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.1c:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.1d:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.1e:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.1f:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:1.5d:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.