vTiger CRM Multiple Script $_SERVER['PHP_SELF'] Variable XSS

2005-11-24T08:33:15
ID OSVDB:21228
Type osvdb
Reporter Christopher Kunz(christopher.kunz@hardened-php.net)
Modified 2005-11-24T08:33:15

Description

Vulnerability Description

vTiger CRM contains a flaw that allows a remote cross-site scripting attack. The flaw exists because multiple scripts echo the "$_SERVER['PHP_SELF']" variable, whose value includes attacker-controlled request path information, without validating or encoding it. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/index.php/%22%3E%3Cscript%3Ealert('xss')%3C/script%3E/?[params]
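Why a request shaped like the one above ends up in the page markup, as an added example that is not vTiger's own code: a minimal PHP form that writes $_SERVER['PHP_SELF'] into an action attribute, beside a hardened version that uses SCRIPT_NAME and escapes it. The function names and the $server array are constructed for illustration.

```php
<?php
// Added example (not vTiger's code): the pattern behind a PHP_SELF XSS,
// shown as a vulnerable form renderer next to a hardened one.

// Vulnerable: PHP_SELF is the request path as sent by the client, including
// any path-info appended after index.php. Writing it into markup unescaped
// lets a path such as /index.php/"><script>...</script>/ close the attribute
// and inject a script element.
function render_form_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">'
         . '<input type="submit"></form>';
}

// Hardened: do not trust PHP_SELF for output. SCRIPT_NAME carries only the
// script's own path (no path-info), and every value placed in HTML is
// escaped regardless, so quotes and angle brackets cannot break out.
function render_form_hardened(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $action . '">'
         . '<input type="submit"></form>';
}

// Constructed request environment mirroring the path-info shape in the
// manual testing notes (values a real server would populate from the request).
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PHP_SELF'    => '/index.php/"><script>alert(\'xss\')</script>/',
];

echo render_form_vulnerable($server), PHP_EOL; // script element lands in the page
echo render_form_hardened($server), PHP_EOL;   // action="/index.php", path-info never reaches output
```

Escaping PHP_SELF with htmlspecialchars() alone also stops this injection; preferring SCRIPT_NAME additionally keeps untrusted path-info out of the form action entirely.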

References:

Vendor URL: http://www.vtiger.com/
Security Tracker: 1015271
Secunia Advisory ID: 17693
Related OSVDB ID: 21226
Related OSVDB ID: 21224
Related OSVDB ID: 21229
Related OSVDB ID: 21230
Related OSVDB ID: 21227
Related OSVDB ID: 21223
Related OSVDB ID: 21225
Other Advisory URL: http://www.hardened-php.net/advisory_232005.105.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0835.html
ISS X-Force ID: 23362
CVE ID: CVE-2005-3818
Bugtraq ID: 15562