Vtiger Crm Security Vulnerabilities and Issues — Vtiger Crm CVE List

Lucene search

VtigerVtiger Crm

4 matches found

CVE•added 2011/12/02 4:55 p.m.•45 views

CVE-2011-4670

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters ...

4.3CVSS5.9AI score0.15395EPSS

CVE•added 2011/11/28 9:55 p.m.•44 views

CVE-2011-4559

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

7.5CVSS8.6AI score0.01091EPSS

CVE•added 2011/12/07 7:55 p.m.•36 views

CVE-2011-4679

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report.

4CVSS6.4AI score0.0016EPSS

CVE•added 2011/12/07 7:55 p.m.•35 views

CVE-2011-4680

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00263EPSS