|
|
CVE Reference: CVE-2008-3101 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3101 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/44792 SREASON http://securityreason.com/securityalert/4208 SAID Secunia Advisory: SA31679 MISC http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5 http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/495885/100/0/threaded BID 30951 |
|
| Return to the previous page. |
