CVE-2008-3101 in CRMinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

07/09/2008

Disclosure

09/03/2008

Moderation

VulDB entry created

Entries

1: VDB-43868

CPE

ready

CWE

CWE-79 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.07323

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-3101
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3101
CVE Details	https://www.cvedetails.com/cve/CVE-2008-3101/

◂ Previous Overview Next ▸