Vtiger Crm Security Vulnerabilities and Issues — Vtiger Crm CVE List

Lucene search

VtigerVtiger Crm

3 matches found

CVE•added 2011/12/02 4:55 p.m.•45 views

CVE-2011-4670

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters ...

4.3CVSS5.9AI score0.15395EPSS

CVE•added 2011/12/07 7:55 p.m.•36 views

CVE-2011-4679

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.

4CVSS6.4AI score0.0016EPSS

CVE•added 2011/12/07 7:55 p.m.•35 views

CVE-2011-4680

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00263EPSS