CVE-2005-3818

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

Reference

http://secunia.com/advisories/17693
http://securitytracker.com/id?1015271
http://www.hardened-php.net/advisory_232005.105.html
http://www.osvdb.org/21227
http://www.osvdb.org/21228
http://www.osvdb.org/21229
http://www.osvdb.org/21230
http://www.securityfocus.com/archive/1/417730/30/0/threaded
http://www.securityfocus.com/bid/15562
http://www.vupen.com/english/advisories/2005/2569
https://exchange.xforce.ibmcloud.com/vulnerabilities/23362
https://exchange.xforce.ibmcloud.com/vulnerabilities/23363

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:39

Objavljeno

26-11-2005 - 02:03