XSS in Vtiger Vtiger_crm

CVE-2013-7326

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) del…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (61.5th percentile) — read the EPSS interpretation.

Affected products

Vtiger Vtiger_crm — versions 5.4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

vtiger-multiple-xss(89662) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
100897 (x_refsource_OSVDB, vdb-entry)
20131211 [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (URL Repurposed, x_refsource_MISC)
64236 (vdb-entry, x_refsource_BID)