CVE-2005-3818

Vtiger Crm < 4.2 - XSS

Title source: rule
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Christopher Kunz · textwebappsphp
https://www.exploit-db.com/exploits/26585
exploitdb WRITEUP VERIFIED
by Christopher Kunz · textwebappsphp
https://www.exploit-db.com/exploits/26584

References (12)

Core 12
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.hardened-php.net/advisory_232005.105.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15562
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21228
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23363
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2569
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015271
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/417730/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21227
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17693
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21230
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21229
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23362

Scores

EPSS 0.0196
EPSS Percentile 83.6%

Details

Status published
Products (1)
vtiger/vtiger_crm < 4.2
Published Nov 26, 2005
Tracked Since Feb 18, 2026