Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0266

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-0266
Last Modified 05 Sep 2008 04:45:48
Published 01 Jan 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-0266

Summary

Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.

Vulnerable Systems

Application

  • Sugarcrm 1.0

  • Sugarcrm 1.0f

  • Sugarcrm 1.0g

  • Sugarcrm 1.1

  • Sugarcrm 1.1a

  • Sugarcrm 1.1b

  • Sugarcrm 1.1c

  • Sugarcrm 1.1d

  • Sugarcrm 1.1e

  • Sugarcrm 1.1f

  • Sugarcrm 1.5d

  • Sugarcrm 2.0.1

  • Sugarcrm 2.0.1a


References

BUGTRAQ - 20050101 Cross Site Scripting Vulnerabilities and Possible Code Execution

XF - sugar-sales-index-xss(18719)

BID - 12113


Last Updated: 27 May 2016 10:39:44