CVE-2008-3101

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

Reference

http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html
http://www.securityfocus.com/bid/30951
http://secunia.com/advisories/31679
http://securityreason.com/securityalert/4208
http://www.vupen.com/english/advisories/2008/2471
https://exchange.xforce.ibmcloud.com/vulnerabilities/44792
http://www.securityfocus.com/archive/1/495885/100/0/threaded
http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:02

Objavljeno

03-09-2008 - 14:12