Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vtiger | Vtiger Crm | <= 4.2 |
References
- http://secunia.com/advisories/17693Vendor Advisory
- http://securitytracker.com/id?1015271
- http://www.hardened-php.net/advisory_232005.105.htmlExploitVendor Advisory
- http://www.osvdb.org/21227
- http://www.osvdb.org/21228
- http://www.osvdb.org/21229
- http://www.osvdb.org/21230
- http://www.securityfocus.com/archive/1/417730/30/0/threaded
- http://www.securityfocus.com/bid/15562Exploit
- http://www.vupen.com/english/advisories/2005/2569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23363
- http://secunia.com/advisories/17693Vendor Advisory
- http://securitytracker.com/id?1015271
- http://www.hardened-php.net/advisory_232005.105.htmlExploitVendor Advisory
FAQ
What is CVE-2005-3818?
CVE-2005-3818 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lea...
How severe is CVE-2005-3818?
CVE-2005-3818 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3818?
Check the references section above for vendor advisories and patch information. Affected products include: Vtiger Vtiger Crm.