CVE-2005-3818
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/11/2005
Last modified:
03/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
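The description names four injection points, and all four are the same defect: attacker-controlled text reaching an HTML sink without output encoding. The snippet below is an added illustration of those patterns and their hardened counterparts; it is not vTiger's code, and the function names (`render_vulnerable`, `render_hardened`, `escape_html`) and the sample request values are constructed for the demo. The `PHP_SELF` point relies on a general PHP behaviour: on the usual Apache/PHP configurations `$_SERVER['PHP_SELF']` includes trailing PATH_INFO, so the requested URL path itself becomes attacker input, whereas `$_SERVER['SCRIPT_NAME']` does not.

```php
<?php
// Added example, not vTiger's code. Run with: php xss_demo.php
//
// Constructed request data standing in for what a web server would fill in.
// A request for  /index.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E  gives a
// PHP_SELF that carries the attacker's markup (PATH_INFO is appended to it);
// the other values model the form fields, the Leads record id and an
// aggregated feed title named in the description.
$_SERVER['PHP_SELF']    = '/index.php/"><script>alert(1)</script>';
$_SERVER['SCRIPT_NAME'] = '/index.php';
$_GET['record']         = '7"><img src=x onerror=alert(2)>';
$_GET['lastname']       = 'Doe<svg onload=alert(3)>';
$feedTitle              = 'News <script>alert(4)</script>'; // pulled from an untrusted RSS feed

function escape_html(string $s): string
{
    // ENT_QUOTES so the result is safe inside both "..." and '...' attributes;
    // ENT_SUBSTITUTE so invalid UTF-8 cannot make the call return an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The vulnerable shape: every value goes to the HTML sink exactly as received.
function render_vulnerable(array $server, array $get, string $feedTitle): string
{
    return '<form action="' . $server['PHP_SELF'] . '">'              // vector (3)
         . '<input name="record" value="' . $get['record'] . '">'     // vector (2)
         . '<input name="lastname" value="' . $get['lastname'] . '">' // vector (1)
         . '</form><h3>' . $feedTitle . '</h3>';                      // vector (4)
}

// The hardened shape: validate where a type exists, encode everything else at the sink.
function render_hardened(array $server, array $get, string $feedTitle): string
{
    // (3) Never echo PHP_SELF. SCRIPT_NAME excludes PATH_INFO; encode it anyway.
    $action = escape_html($server['SCRIPT_NAME'] ?? '/index.php');

    // (2) A record id is an integer; anything else fails closed to 0.
    $record = filter_var($get['record'] ?? '', FILTER_VALIDATE_INT);
    if ($record === false) {
        $record = 0;
    }

    // (1) and (4) Free text is HTML-encoded for the context it lands in.
    return '<form action="' . $action . '">'
         . '<input name="record" value="' . $record . '">'
         . '<input name="lastname" value="' . escape_html($get['lastname'] ?? '') . '">'
         . '</form><h3>' . escape_html($feedTitle) . '</h3>';
}

echo "vulnerable:\n", render_vulnerable($_SERVER, $_GET, $feedTitle), "\n\n";
echo "hardened:\n",   render_hardened($_SERVER, $_GET, $feedTitle),   "\n";
```

Running it prints the same markup twice: in the first copy the four payloads appear verbatim as live tags and attributes, in the second they appear as `&lt;script&gt;`, `&quot;&gt;` and so on, and the record field is `0`. If a feed module must render feed bodies as HTML rather than text, escaping is the wrong tool there and an allowlist HTML sanitizer is needed instead; escaping is the right answer for the title, name and id fields.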
Impact
Base Score (CVSS v2.0)
4.30
Severity (CVSS v2.0)
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:* | | 4.2 (including) |
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/17693
- http://securitytracker.com/id?1015271=
- http://www.hardened-php.net/advisory_232005.105.html
- http://www.osvdb.org/21227
- http://www.osvdb.org/21228
- http://www.osvdb.org/21229
- http://www.osvdb.org/21230
- http://www.securityfocus.com/archive/1/417730/30/0/threaded
- http://www.securityfocus.com/bid/15562
- http://www.vupen.com/english/advisories/2005/2569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23363