Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3101

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-3101
Last Modified 07 Mar 2011 10:10:12
Published 03 Sep 2008 10:12:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3101

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

Vulnerable Systems

Application

  • Vtiger Crm 5.0.4


References

BID - 30951

SECUNIA - 31679

XF - vtigercrm-index-xss(44792)

VUPEN - ADV-2008-2471

MISC - http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5

BUGTRAQ - 20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101

MISC - http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html

SREASON - 4208


Last Updated: 27 May 2016 10:48:04