← voltar
CVE-2005-3818

CVE-2005-3818

EPSS 5.1%
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
Produtos afetados
n/a · n/a
PoCs públicas encontradas2
exploitdbwww.exploit-db.com/exploits/26584não verificadoexploitdbwww.exploit-db.com/exploits/26585não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://secunia.com/advisories/17693http://securitytracker.com/id?1015271https://exchange.xforce.ibmcloud.com/vulnerabilities/23362https://exchange.xforce.ibmcloud.com/vulnerabilities/23363http://www.hardened-php.net/advisory_232005.105.htmlhttp://www.osvdb.org/21227http://www.osvdb.org/21228http://www.osvdb.org/21229http://www.osvdb.org/21230http://www.securityfocus.com/archive/1/417730/30/0/threadedhttp://www.securityfocus.com/bid/15562http://www.vupen.com/english/advisories/2005/2569