7:["$","div",null,{"suppressHydrationWarning":true,"className":"max-w-screen overflow-hidden bg-asmPageTopBG bg-repeat-space bg-cover","children":["$","$L15",null,{"blok":{"tag":"","_uid":"cb152be4-417a-4aef-9712-8494a3155411","body":[{"_uid":"4edbefe1-ae1d-43b7-8adc-d16a6e03346e","component":"global_header","reference":[{"name":"Navigation","created_at":"2025-12-12T21:23:00.099Z","published_at":"2025-12-10T18:12:48.651Z","updated_at":"2025-12-12T21:23:00.099Z","id":122408878506357,"uuid":"a01aed2a-fcd9-445e-ba4f-1e207f311d2b","content":{"_uid":"888f9d58-d099-4867-a1db-115cd704c6d4","global":[{"Nav":[{"_uid":"ba481eb4-d534-400f-b77a-aa26ad4718d2","name":"Products","title":"All Products","Navitems":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"9960bd3d-1982-4572-a3bb-75cb0886b040","icon":{"id":21241298,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a88052a5e6/asm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Attack Surface Management","subtitle":"Get a hacker’s view of your known & unknown assets and exposures.","component":"Headernavitem","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"8700128b-0f30-4730-8a02-e8fb31f3527b","icon":{"id":21241294,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/7c5a26d895/vi.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Intelligence","subtitle":"Cybersecurity strategy with timely, contextual, & predictive insights.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"cbaff37c-0c5e-457a-a014-64e2a1a1579d","name":"Solutions","title":"All Solutions","Navitems":[{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"554e3dd3-c9f2-41ac-96f3-a4cfc227ecd5","icon":{"id":21241299,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e7370ee665/vm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Management","subtitle":"Manage evolving risks with continuous threat analysis.","component":"Headernavitem","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"33edd474-13a7-4ce7-b86b-caa079bdf644","icon":{"id":21323606,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/12dc098b21/pentest-1.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Penetration Testing","subtitle":"Test your defenses before an attacker exploits them.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"bc900e69-950c-40fb-91af-9d4742d9f48e","name":"Use Cases","title":"All Use Cases","Navitems":[{"url":{"id":"0aaf2b18-9d31-4dce-937b-3dbb24b44e5a","url":"","linktype":"story","fieldtype":"multilink","cached_url":"continous-attack-surface-reduction"},"_uid":"e3765180-6f96-40eb-9f64-215b33de28db","icon":{"id":21241305,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/834a67323c/casr.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Continuous Attack Surface Reduction","subtitle":"Continuous visibility into your attack surface for proactive mitigation.","component":"Headernavitem","_editable":""},{"url":{"id":"17c33595-9ad4-45cf-aa34-1d759f00f4d8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"assets-with-known-ransomware-exploitable-vulnerabilities"},"_uid":"f8a18872-047e-4ae1-91ce-e54afb29b485","icon":{"id":21448618,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/4a5cbbbb3f/assets.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Assets with Known Ransomware & Exploitable Vulnerabilities","subtitle":"Discover if you are exposed to known ransomware vulnerabilities or not.","component":"Headernavitem","_editable":""},{"url":{"id":"59a08f71-0be4-46cf-9b61-af87e90775de","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-application-vulnerability-management"},"_uid":"68ad5556-028e-42c4-8c40-5278f33da543","icon":{"id":21241295,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/0fcbc28b9d/navm.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Application Vulnerability Management","subtitle":"We scan, detect, analyze, & prioritize vulnerabilities in your network & apps.","component":"Headernavitem","_editable":""},{"url":{"id":"e357eb6c-b37f-42c2-8160-c55410d1c6fd","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-prioritization"},"_uid":"7e2e4250-652c-47cd-8118-25c56396cfee","icon":{"id":21448658,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/5582316119/vulnerability-priortization.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Vulnerability Prioritization","subtitle":"Prioritize vulnerabilities for quicker remediation.","component":"Headernavitem","_editable":""},{"url":{"id":"1f0dc561-50ef-4fbe-b051-11e113988951","url":"","linktype":"story","fieldtype":"multilink","cached_url":"network-infrastructure-penetration-testing"},"_uid":"79250bf9-09ba-4dea-86bd-f576850a3057","icon":{"id":21241302,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/a9a76f74bf/nipt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Network & Infrastructure Penetration Testing","subtitle":"Penetration experts simulate real-world attacks on your environment.","component":"Headernavitem","_editable":""},{"url":{"id":"44727d2d-19cd-4f69-a329-ccef5b64a5a7","url":"","linktype":"story","fieldtype":"multilink","cached_url":"meet-your-compliance-requirements"},"_uid":"d1abf960-90ab-4e4a-8147-89d998b16f3b","icon":{"id":21448637,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/9e6ffcf73a/meet.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Meet your Compliance Requirements","subtitle":"Manage compliance requirements and test your security controls.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"ce844fb3-7d75-43ca-b03d-fc2d36f03121","link":{"id":"c801d107-dc40-4bc1-99ba-243fe92ceee1","url":"","linktype":"story","fieldtype":"multilink","cached_url":"partners"},"name":"Partners","title":"Partners","Navitems":[],"component":"Navigation","_editable":""},{"_uid":"65cfc6ff-bb0b-4ff4-bd69-f3ab676e570f","name":"Resources","title":"All Resources","Navitems":[{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"cce882f8-f607-4ed6-9f5d-7d967509161b","icon":{"id":21241293,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/e019aafb50/reports.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Reports","subtitle":"Your trusted source for comprehensive insights.","component":"Headernavitem","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"726f54bb-f50b-4d15-a032-564bc3ece243","icon":{"id":21241296,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/31f000d7f1/mc.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Press Releases","subtitle":"Latest announcements from Securin.","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"a734e86d-446c-4740-9fd5-67cd33a6ddff","icon":{"id":21241300,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/4f16501ed6/articles.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Articles","subtitle":"Read about the latest news & updates in cybersecurity.","component":"Headernavitem","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"c5455cdc-c4aa-4a7c-a24e-5cb816ba10e3","icon":{"id":22191227,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/689424e016/media-coverage-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Media Coverage","subtitle":"See Securin in the news.","component":"Headernavitem","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"cd0d1ab4-7b63-433d-b14a-d20dd2029925","icon":{"id":22191228,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/70x70/16276d1e46/zero-days-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Zero Days","subtitle":"Zero days discovered by Securin as a CNA.","component":"Headernavitem","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"cf2db2da-1796-4a63-9172-45e2fa707f4e","icon":{"id":23128701,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/100x100/98f24a7a21/ai-icon.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"AI R&D","subtitle":"Transforming AI security","component":"Headernavitem","_editable":""},{"url":{"id":"294fda8c-1175-4451-a050-4bd6a905b4d5","url":"","linktype":"story","fieldtype":"multilink","cached_url":"glossary"},"_uid":"9ff4140b-e81b-4e52-98c2-acd88945ac3f","icon":{"id":119355095319110,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/140x140/2b0bf16205/whatsapp-image-2025-12-03-at-5-47-53-pm.jpeg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Glossary","subtitle":"Your essential cybersecurity glossary.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""},{"_uid":"4c1f8557-0141-4730-8f9f-53d1afccd253","name":"About Us","title":"About Us","Navitems":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"ab8f54f9-4c47-47bd-8b3e-968740897e02","icon":{"id":21448402,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/9c403d1155/who-we-are.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Who We Are","subtitle":"Get to know us better!","component":"Headernavitem","_editable":""},{"url":{"id":"","url":"https://careers.securin.io/jobs/Careers","target":"_blank","linktype":"url","fieldtype":"multilink","cached_url":"https://careers.securin.io/jobs/Careers"},"_uid":"eaec0e73-d5ad-4a34-b535-54c2f6f45d70","icon":{"id":21448419,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/37c7256d56/career.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Careers","subtitle":"Come work with us.","component":"Headernavitem","_editable":""},{"url":{"id":"2de96d0f-a87b-4413-844a-afdc684462ee","url":"","linktype":"story","fieldtype":"multilink","cached_url":"patents"},"_uid":"99148571-68ba-4af3-a2b5-28df368679c5","icon":{"id":22748194,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/312x385/be4d582b51/securin-patent-1.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Patents","subtitle":"Our innovative cybersecurity patents .","component":"Headernavitem","_editable":""},{"url":{"id":"459c627c-58d2-4d3b-9041-a2c79e1452c9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"contact-us"},"_uid":"60f08250-27e1-4de0-b251-a4e241d593fa","icon":{"id":21448457,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/105x105/1cdadd4651/let-s-chat.png","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"title":"Let's Chat","subtitle":"Connect with our experts.","component":"Headernavitem","_editable":""}],"component":"Navigation","_editable":""}],"_uid":"2cf86c8f-c4a6-4a06-b37e-514864bee646","component":"GlobalNav","_editable":""}],"component":"Global","_editable":""},"slug":"navigation","full_slug":"global/navigation","sort_by_date":null,"position":-10,"tag_list":[],"is_startpage":false,"parent_id":122408867598516,"meta_data":null,"group_id":"7eece501-7a27-4c71-8033-d7a2ec2f9b6e","first_published_at":"2025-03-05T13:02:52.985Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""},{"_uid":"6a762255-a6e1-40bf-a569-6282b883eb7e","lead":"CVE-2023-22952","heading":"Vulnerability Notice","component":"VN Hero","subheading":"","calendar_icon":{"id":23176395,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/38x51/853d475091/calendar.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"published_date":"2022-12-30 23:20","_editable":""},{"_uid":"1614a349-8041-4c08-8d3c-61954144a2df","component":"VN Table","TableColumn":[{"_uid":"085c0bdd-b396-4b34-b5c5-2ef845addf38","lead":"SugarCRM","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Vendor","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"6a97ae52-a412-4b00-99a3-a429c50c2531","lead":"SugarCRM","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Affected Products","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"69df7455-6ef3-4312-854e-36cd62926692","lead":"8.8","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"CVSS Score","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""},{"_uid":"b057e4d5-bb58-4495-98a1-4177ca3f40ad","lead":"9.77","text":{"type":"doc","content":[{"type":"paragraph"}]},"button":[],"headline":"Risk Index","alignment":"center","component":"text-section","background_color":"white","overlap_preceding_hero":false,"single_color_background":false,"_editable":""}],"_editable":""},{"_uid":"e3b7149a-49e5-465a-bd57-9f30cc05e893","content":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Description","type":"text"}]},{"type":"paragraph","content":[{"text":"A critical vulnerability has been identified in the EmailTemplates component of SugarCRM, a customer relationship management system. A crafted request can inject custom PHP code due to missing input validation.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Affected Product(s)","type":"text"}]},{"type":"paragraph","content":[{"text":"SugarCRM versions 11.0.0 to 11.0.4 and 12.0.0 to 12.0.1","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Technical Details","type":"text"}]},{"type":"paragraph","content":[{"text":"SugarCRM has been identified with a critical vulnerability, specifically within its EmailTemplates component. This vulnerability arises from the inadequacy in input validation, allowing a crafted request to inject and execute custom PHP code on the server. The affected versions of SugarCRM include 11.0.0 to 11.0.4 and 12.0.0 to 12.0.1.","type":"text"}]},{"type":"paragraph","content":[{"text":"In the reported exploit, the vulnerability targets the ","type":"text"},{"text":"/index.php?module=EmailTemplates&action=AttachFiles","type":"text","marks":[{"type":"code"}]},{"text":" endpoint. Due to improper input validation, a malicious PNG file containing embedded PHP code can be uploaded to the ","type":"text"},{"text":"/cache/images/","type":"text","marks":[{"type":"code"}]},{"text":" directory on the server. If the server is configured to execute PHP code in this directory, the embedded PHP code will run, allowing arbitrary code execution and potential full system compromise.","type":"text"}]},{"type":"paragraph","content":[{"text":"The vulnerability is marked as a High severity issue with a CVSSv3 score of 8.8 and a CVSSv2 score of 10.0. This scoring reflects the potential risks and impacts of exploitation, which include gaining unauthorized access to sensitive data, executing arbitrary code, and compromising the server's integrity and availability.","type":"text"}]},{"type":"paragraph","content":[{"text":"The vulnerability does not require any form of authentication due to a missing authentication check in the ","type":"text"},{"text":"loadUser()","type":"text","marks":[{"type":"code"}]},{"text":" method within ","type":"text"},{"text":"include/MVC/SugarApplication.php","type":"text","marks":[{"type":"code"}]},{"text":". Even after a failed login attempt, the session remains active, allowing the attacker to continue sending valid requests to the application. Hence, any remote attacker, irrespective of authentication status, can exploit this vulnerability to gain access to the underlying operating system as the web service user (typically ","type":"text"},{"text":"www-data","type":"text","marks":[{"type":"code"}]},{"text":").","type":"text"}]},{"type":"paragraph","content":[{"text":"This vulnerability has been actively exploited in the wild. The exploit code for this vulnerability has been published on platforms such as Full Disclosure, indicating the widespread availability of this exploit. The availability of the exploit code considerably raises the risk associated with this vulnerability, making it imperative for affected users to take immediate remediation actions.","type":"text"}]},{"type":"paragraph","content":[{"text":"The final solution includes applying a fix or upgrading to the latest version as recommended by SugarCRM. Patch versions 11.0.5 and 12.0.2 address this vulnerability and implement proper input validation in the EmailTemplates component. Users are advised to upgrade to these versions or apply the necessary patches immediately.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Weakness","type":"text"}]},{"type":"paragraph","content":[{"text":"The vulnerabilities associated with this issue are Improper Input Validation (CWE-20) and Unrestricted Upload of File with Dangerous Type (CWE-434). These weaknesses result in the system being unable to properly sanitize user-supplied input, allowing malicious files to be uploaded and executed.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Impact Assessment","type":"text"}]},{"type":"paragraph","content":[{"text":"If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data, execute arbitrary code, and potentially compromise the entire affected system. The attacker can embed malicious code in a seemingly harmless file, which, when executed, can provide full control over the server.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Active Exploitation","type":"text"}]},{"type":"paragraph","content":[{"text":"We have observed that this vulnerability has been actively exploited. Notable exploits include those published by the adversary group leveraging platforms like Full Disclosure to share exploit code targeting this vulnerability in SugarCRM.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Ransomware Association","type":"text"}]},{"type":"paragraph","content":[{"text":"This specific vulnerability in SugarCRM has not been associated with any known ransomware attacks directly. However, the nature of remote code execution vulnerabilities infers a high risk of such use cases, given that gaining full control of a system can lead to potential ransomware deployment.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Mitigation and Resolution","type":"text"}]},{"type":"paragraph","content":[{"text":"SugarCRM has released patches that address this critical vulnerability. Users must immediately update to versions 11.0.5 or 12.0.2 to mitigate the risks associated with this vulnerability. Upgrading to these versions includes proper input validation in the EmailTemplates component, thereby neutralizing the potential for executing custom PHP code.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Recommendations","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"We strongly recommend that all customers apply the latest patch as soon as possible.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Update to SugarCRM versions 11.0.5 or 12.0.2 immediately.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Ensure proper configuration to minimize executable permissions in web directories.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Regularly review and monitor web application configurations for any anomalies.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Implement proper access controls and session management to prevent unauthorized access.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Consider using a web application firewall (WAF) to provide an additional layer of security against such vulnerabilities.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Stay updated with the latest security advisories from SugarCRM and other security communities.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":" References ","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Zero Day Database","type":"text","marks":[{"type":"link","attrs":{"href":"https://www.zero-day.cz/database/742/","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"CVE MITRE Database","type":"text","marks":[{"type":"link","attrs":{"href":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22952","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"National Vulnerability Database","type":"text","marks":[{"type":"link","attrs":{"href":"https://nvd.nist.gov/vuln/detail/CVE-2023-22952","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"PacketStorm Advisory on SugarCRM 12.x RCE","type":"text","marks":[{"type":"link","attrs":{"href":"packetstormsecurity.com/files/171320/SugarCRM-12.x-Remote-Code-Execution-Shell-Upload.html","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]},{"text":" ","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"SugarCRM Product Updates","type":"text","marks":[{"type":"link","attrs":{"href":"https://sugarclub.sugarcrm.com/explore/product-updates/b/sugar-sell-updates/posts/january-4-2023-cri%E2%80%A6","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"SugarCRM Security Hotfix Update","type":"text","marks":[{"type":"link","attrs":{"href":"https://sugarclub.sugarcrm.com/explore/product-updates/b/sugar-sell-updates/posts/january-4-2023-critical-security-hotfix","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"SugarCRM Security Resources","type":"text","marks":[{"type":"link","attrs":{"href":"https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"View In Platform","type":"text"}]},{"type":"ordered_list","attrs":{"order":1},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"https://vi.securin.io/vulnerability/detail/cve-2023-22952 ","type":"text","marks":[{"type":"link","attrs":{"href":"https://vi.securin.io/vulnerability/detail/cve-2023-22952 ","uuid":null,"anchor":null,"target":"_self","linktype":"url"}}]}]}]}]}]},"component":"VN Content","_editable":""},{"_uid":"a24722bc-9469-4234-a368-53dcd0a73b1e","text":"Share this post on:","social":[{"_uid":"61534ca2-bb51-48ae-b7d7-38e23a9517e6","icon":{"id":23176425,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/56x56/c5a139c1c2/group-1000007370.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"text":"facebook","component":"Line Item with Icon or Image","_editable":""},{"_uid":"ae3dee8d-b870-4546-89cd-60153b2f46ed","icon":{"id":23176427,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/56x56/772a6cf4ae/group-1000007369.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"text":"instagram","component":"Line Item with Icon or Image","_editable":""},{"_uid":"f55b89fa-c23b-452c-ae06-d961329440bb","icon":{"id":23176426,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/56x56/736d163d7a/group-1000007368.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"text":"linkedin","component":"Line Item with Icon or Image","_editable":""}],"component":"VN Footer","_editable":""},{"_uid":"c80c46e2-704d-4662-b20a-4f2afeaf2950","component":"global_reference","reference":[{"name":"Footer","created_at":"2025-12-12T21:23:00.099Z","published_at":"2025-09-25T08:28:11.663Z","updated_at":"2025-12-12T21:23:00.099Z","id":122408878502260,"uuid":"dab2b928-0fc3-4089-80b3-767d414eae87","content":{"_uid":"78c16d78-9604-4304-8964-fb9c971cec17","global":[{"_uid":"c38a57d1-6019-4662-ac0d-4ff9dc3d2700","items":[{"_uid":"1321a724-b4f0-4637-b2d7-4d958f76bcb7","text":"Securin helps leaders continuously improve their security posture. We work as an extension of your team to better protect your organization.","image":{"id":21111115,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/196x43/202124087b/securinlogo.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"FooterColumn1","sociallinks":[{"url":{"id":"","url":"https://www.facebook.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.facebook.com/securininc/"},"_uid":"483fbfd4-d5de-4cfc-930a-99ad920c9b51","image":{"id":21111123,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/31d436da9a/facebook.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.linkedin.com/company/securin-inc","linktype":"url","fieldtype":"multilink","cached_url":"https://www.linkedin.com/company/securin-inc"},"_uid":"fd906267-1e23-41b9-8453-c00359787bc4","image":{"id":21111126,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/d1c9e6c6b2/linkedin.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://x.com/securin_inc","linktype":"url","fieldtype":"multilink","cached_url":"https://x.com/securin_inc"},"_uid":"023d62af-458f-4af0-b057-c421664bc550","image":{"id":21111125,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/7fa2bcc6d1/x.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng","linktype":"url","fieldtype":"multilink","cached_url":"https://www.youtube.com/channel/UCUbeF1KnED2KR87b74moVng"},"_uid":"27bc3da1-b1bf-452b-899b-f726e0573785","image":{"id":21111124,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/5bab65fc1e/yt.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""},{"url":{"id":"","url":"https://www.instagram.com/securininc/","linktype":"url","fieldtype":"multilink","cached_url":"https://www.instagram.com/securininc/"},"_uid":"bca52616-0b28-48b1-9ff5-78da89049b91","image":{"id":21111122,"alt":"","name":"","focus":"","title":"","source":"","filename":"https://a.storyblok.com/f/313778/64x64/e2b9a06f92/instagram.svg","copyright":"","fieldtype":"asset","meta_data":{},"is_external_url":false},"component":"socialitem","_editable":""}],"_editable":""},{"_uid":"0550b47c-24a0-4335-a246-a44b5447a111","email":"info@securin.io","phone":"+1 844-391-2089","title":"Contact Us","address":"2440 Louisiana Blvd NE #560, Albuquerque, NM 87110","component":"FooterColumn2","_editable":""},{"_uid":"4261e9fd-90be-43ba-989c-b18bf214df1a","Title":"Solutions","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"5ba4d0b3-4dad-41b8-bbc3-6b1183a20287","url":"","linktype":"story","fieldtype":"multilink","cached_url":"attack-surface-management"},"_uid":"4b5af435-681f-4ddf-a514-d42f5b500594","text":"Attack Surface Management","component":"FooterLink","_editable":""},{"url":{"id":"14293fda-cbfc-4292-889b-ac1fe826e69d","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-intelligence"},"_uid":"05012d2c-7e65-4796-abfe-cec840dcec79","text":"Vulnerability Intelligence","component":"FooterLink","_editable":""},{"url":{"id":"1fe67f71-dca0-4ae7-8086-45424812c7c2","url":"","linktype":"story","fieldtype":"multilink","cached_url":"vulnerability-management"},"_uid":"0c3f0709-675a-401a-b6aa-cdddae9f88de","text":"Vulnerability Management","component":"FooterLink","_editable":""},{"url":{"id":"9385496e-0e96-409c-a551-1be788461163","url":"","linktype":"story","fieldtype":"multilink","cached_url":"penetration-testing"},"_uid":"a11c509a-3975-4115-9b5b-17fad5298c18","text":"Penetration Testing","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"9bdee094-39b9-4230-8c02-a2bfb41f6f2e","Title":"Resources","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"","url":"https://www.securin.io/articles","linktype":"url","fieldtype":"multilink","cached_url":"https://www.securin.io/articles"},"_uid":"3d29a8a0-0be1-4d0e-891e-6c1e17171484","text":"Articles","component":"FooterLink","_editable":""},{"url":{"id":"db92bf62-b3aa-4767-8c4d-f8e6a6588af8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"reports"},"_uid":"0e1baf58-1d99-4a31-b715-20c0014c0c7f","text":"Reports","component":"FooterLink","_editable":""},{"url":{"id":"71481572-d542-499b-ba96-cf7eb6530c95","url":"","linktype":"story","fieldtype":"multilink","cached_url":"press-releases"},"_uid":"c7cc1a4b-a94e-4152-89f8-9de0b70693b8","text":"Press Releases","component":"FooterLink","_editable":""},{"url":{"id":"58fb24b2-197b-40c9-b96c-917f20a5203c","url":"","linktype":"story","fieldtype":"multilink","cached_url":"media-coverage"},"_uid":"05496d03-da7f-4506-96b9-5cecdb65a5ad","text":"Media Coverage","component":"FooterLink","_editable":""},{"url":{"id":"e9406dca-295b-4e76-8a13-3b057260fbf8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"zero-days"},"_uid":"ecbd6fa6-92c0-4bc0-842a-93703b0447a4","text":"Zero Days","component":"FooterLink","_editable":""},{"url":{"id":"f8a9fdba-9a79-4683-b055-196f6972b35f","url":"","linktype":"story","fieldtype":"multilink","cached_url":"ai-research-and-development"},"_uid":"bfa230aa-d0e3-461b-b426-e6630fdc0c69","text":"AI R&D","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"fee5eb9a-d971-4764-b21c-bc91df2b059c","Title":"Company","component":"FooterGenericItem","FooterLinks":[{"url":{"id":"d50c67b9-5e79-4b73-b17e-64b2b62cd1c8","url":"","linktype":"story","fieldtype":"multilink","cached_url":"overview"},"_uid":"4d9f8089-31c1-4a0b-884c-f3f95e198df7","text":"Who We Are","component":"FooterLink","_editable":""},{"url":{"id":"b50e02db-acf6-421f-9818-eeb29d991537","url":"","linktype":"story","fieldtype":"multilink","cached_url":"careers"},"_uid":"77b87ac9-8c7a-448a-96ee-4a92183f9792","text":"Careers","component":"FooterLink","_editable":""}],"_editable":""},{"_uid":"e387cd83-c5ac-49d4-92ce-e9e9bcce9e7e","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"b6e10f1b-9d8b-419c-9ce2-e5a621144105","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"3346f5e4-a947-44e0-9ed7-c4ff38a42e30","text":"Customer Agreements","component":"FooterLink","_editable":""},{"url":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"_uid":"718dc509-b52a-4050-a565-2ed72524f0ff","text":"Sitemap","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"component":"GlobalFooter","FooterBottom":[{"_uid":"c31edcc5-d2cb-4d2c-b4d6-c91225c9cee8","links":[{"url":{"id":"7fc51f60-331b-42d5-bb41-4b190aca7e66","url":"","linktype":"story","fieldtype":"multilink","cached_url":"privacy-policy"},"_uid":"aa9fd59a-54a5-4be0-881e-566b063eea06","text":"Privacy Policy","component":"FooterLink","_editable":""},{"url":{"id":"b30581f8-32a0-467a-a935-eda15bf6d9e9","url":"","linktype":"story","fieldtype":"multilink","cached_url":"customer-agreements"},"_uid":"b1904ce9-2542-4525-8c04-9c3576c62afa","text":"Customer Agreements","component":"FooterLink","_editable":""}],"component":"FooterBottom","copyright":"© Copyright 2025 Securin. All Rights Reserved.","_editable":""}],"_editable":""}],"component":"Global","_editable":""},"slug":"footer","full_slug":"global/footer","sort_by_date":null,"position":0,"tag_list":[],"is_startpage":false,"parent_id":122408867598516,"meta_data":null,"group_id":"f7518288-834a-4090-94b8-8ef3b2143a8c","first_published_at":"2025-02-26T08:19:02.299Z","release_id":null,"lang":"default","path":null,"alternates":[],"default_full_slug":null,"translated_slugs":null,"_stopResolving":true}],"_editable":""}],"title":"CVE-2023-22952","component":"page","datasheet":{"id":"","url":"","linktype":"story","fieldtype":"multilink","cached_url":""},"metafields":{"_uid":"b0337aeb-a0cb-4d33-a404-50b260abfbed","title":"CVE-2023-22952: XSS in Microsoft Clarity Plugin","plugin":"seo_metatags","og_image":"https://a.storyblok.com/f/313778/1200x1200/1ff571cfe8/securin-thumb.jpg","og_title":"CVE-2021-33850: XSS in Microsoft Clarity Plugin","description":"Securin reports CVE-2021-33850—a stored XSS flaw in Microsoft Clarity v0.3 for WordPress. Learn about the vulnerability, impact, and mitigation steps.","twitter_image":"https://a.storyblok.com/f/313778/1200x1200/1ff571cfe8/securin-thumb.jpg","twitter_title":"CVE-2021-33850: XSS in Microsoft Clarity Plugin","og_description":"Securin reports CVE-2021-33850—a stored XSS flaw in Microsoft Clarity v0.3 for WordPress. Learn about the vulnerability, impact, and mitigation steps.","twitter_description":"Securin reports CVE-2021-33850—a stored XSS flaw in Microsoft Clarity v0.3 for WordPress. Learn about the vulnerability, impact, and mitigation steps."},"overriden_published_date":"2022-12-30 18:51","_editable":""}}]}]