Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3101


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3101
Last Modified 07 Mar 2011 10:10:12
Published 03 Sep 2008 10:12:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

Vulnerable Systems


  • Vtiger Crm 5.0.4


BID - 30951

SECUNIA - 31679

XF - vtigercrm-index-xss(44792)

VUPEN - ADV-2008-2471

MISC -[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5

BUGTRAQ - 20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101


SREASON - 4208

Last Updated: 27 May 2016 10:48:04