Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7326

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-7326
Last Modified 21 Feb 2014 12:06:05
Published 14 Feb 2014 02:55:26
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7326

Summary

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php.

Vulnerable Systems

Application

  • Vtiger Crm 5.4.0


References

XF - vtiger-multiple-xss(89662)

MISC - http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05

MISC - http://packetstormsecurity.com/files/124402

OSVDB - 100897

BUGTRAQ - 20131211 [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting

BID - 64236


Last Updated: 27 May 2016 11:04:28