CVE-2005-3818 - Input Validation vulnerability in VTiger CRM
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 20 |
Exploit-Db
id | EDB-ID:26585 |
title | vtiger CRM 4.2 RSS Aggregation Module Feed XSS |
description | vtiger CRM 4.2 RSS Aggregation Module Feed XSS. CVE-2005-3818. Webapps exploit for php platform |
reporter | Christopher Kunz |
published | 2005-11-24 |
modified | 2005-11-24 |
last seen | 2016-02-03 |
source | https://www.exploit-db.com/download/26585/ |

id | EDB-ID:26584 |
title | vtiger CRM 4.2 Leads Module record Parameter XSS |
description | vtiger CRM 4.2 Leads Module record Parameter XSS. CVE-2005-3818. Webapps exploit for php platform |
reporter | Christopher Kunz |
published | 2005-11-24 |
modified | 2005-11-24 |
last seen | 2016-02-03 |
source | https://www.exploit-db.com/download/26584/ |
Nessus
NASL family | CGI abuses |
NASL id | VTIGER_FLAWS.NASL |
description | The remote version of this software is prone to arbitrary code execution, directory traversal, SQL injection (allowing authentication bypass), and cross-site scripting attacks. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20317 |
published | 2005-12-16 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20317 |
title | vTiger < 4.5a2 Multiple Vulnerabilities |
References
- http://secunia.com/advisories/17693
- http://securitytracker.com/id?1015271
- http://www.hardened-php.net/advisory_232005.105.html
- http://www.osvdb.org/21227
- http://www.osvdb.org/21228
- http://www.osvdb.org/21229
- http://www.osvdb.org/21230
- http://www.securityfocus.com/archive/1/417730/30/0/threaded
- http://www.securityfocus.com/bid/15562
- http://www.vupen.com/english/advisories/2005/2569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23363