SuiteCRM Reflected HTML Injection Vulnerability in Login Page

Vulnerability

A reflected HTML injection vulnerability has been identified in SuiteCRM versions through 7.15.0. This issue resides on the login page, where attackers can inject arbitrary HTML content. Such injections could facilitate phishing attacks or lead to page defacement. The vulnerability has been patched in SuiteCRM version 7.15.1.

Impact

Exploitation of this vulnerability allows for reflected HTML injection, which could be used to execute phishing attacks or deface the page.

Remediation

Users can upgrade to SuiteCRM version 7.15.1 to address this vulnerability.

Added: Mar 19, 2026, 11:28 PM
Updated: Mar 19, 2026, 11:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 6.2
remediation: 0.0
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.