XSS in Vtiger Vtiger_crm

CVE-2011-4670

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a Det…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.362 (97.2th percentile) — read the EPSS interpretation.

Affected products

Vtiger Vtiger_crm
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

36203 (exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
cve@mitre.org (Exploit, x_refsource_MISC)
76006 (x_refsource_OSVDB, vdb-entry, Broken Link)
36204 (exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
vtigercrm-index-phprint-xss(70306) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
49927 (Exploit, Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
20111004 vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
76005 (x_refsource_OSVDB, vdb-entry, Broken Link)
20111004 vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List, Third Party Advisory)