XSS in Vtiger Vtiger_crm
CVE-2010-3911
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login acti…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (58.9th percentile)
Affected products
- Vtiger Vtiger_crm — versions 5.0.3, 4.0.1, 5.0.4
References
- cve@mitre.org (x_refsource_MISC)
- 42246 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)