Secunia
Login
|
|
CVE Reference: CVE-2010-3911 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-3911 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA42246 MISC http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/ http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/514846/100/0/threaded |
|
| Return to the previous page. |
