4.2.4

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

vtiger

NVD

Published: 2006-09-06

Updated: 2011-03-08

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.

Vulnerable Configurations

Part	Description	Count
Application	Vtiger Vtiger Vtiger CRM 4.2 Vtiger Vtiger CRM 4.2.4	2

References

http://secunia.com/advisories/21728
http://www.osvdb.org/28460
http://www.osvdb.org/28461
http://www.securityfocus.com/bid/19829
http://www.security-net.biz/adv/D3906a.txt
http://www.vupen.com/english/advisories/2006/3444