Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2005-3818
Last Modified: 07 Mar 2011 09:27:12
Published: 25 Nov 2005 09:03:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2005-3818

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

Vulnerable Systems

Application

  • vTiger CRM 4.2


References

VUPEN - ADV-2005-2569

BID - 15562

BUGTRAQ - 20051124 Advisory 23/2005: vTiger multiple vulnerabilities

MISC - http://www.hardened-php.net/advisory_232005.105.html

SECUNIA - 17693

XF - vtiger-rss-xss(23363)

XF - vtiger-multiple-fields-xss(23362)

OSVDB - 21230

OSVDB - 21229

OSVDB - 21228

OSVDB - 21227

SECTRACK - 1015271


Last Updated: 27 May 2016 10:41:04