CVE-2011-0911

Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...

CVE-2011-0535

Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit accesspermissions action to index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535...

CVE-2011-0911

CVE-2011-0911 (NVD entry) : Affected product is Zikula CMS, specifically the Users module, prior to version 1.2.5. It is described as a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The root cause is not detai...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via 1 the parenttab parameter in an index action to the Products module, as reachable through index.php; 2 the userpassword parameter in an Authenticate action to th...

CVE-2008-3101

Multiple cross-site scripting XSS vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via 1 the parenttab parameter in an index action to the Products module, as reachable through index.php; 2 the userpassword parameter in an Authenticate action to th...

CVE-2008-3101

Multiple cross-site scripting XSS vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via 1 the parenttab parameter in an index action to the Products module, as reachable through index.php; 2 the userpassword parameter in an Authenticate action to th...

CVE-2005-3823

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...

CVE-2005-3823

CVE-2005-3823 affects vTiger CRM 4.2 and earlier. The Users module allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to eval. The connected sources provide no explicit remediation details; update/patch information is not inc...

CVE-2005-3823

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...