CVE-2005-3818
CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/26584unverifiedexploitdbwww.exploit-db.com/exploits/26585unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/17693http://securitytracker.com/id?1015271https://exchange.xforce.ibmcloud.com/vulnerabilities/23362https://exchange.xforce.ibmcloud.com/vulnerabilities/23363http://www.hardened-php.net/advisory_232005.105.htmlhttp://www.osvdb.org/21227http://www.osvdb.org/21228http://www.osvdb.org/21229http://www.osvdb.org/21230http://www.securityfocus.com/archive/1/417730/30/0/threadedhttp://www.securityfocus.com/bid/15562http://www.vupen.com/english/advisories/2005/2569