CVE Vulnerability

CVE-2008-3101

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html Exploit
http://www.securityfocus.com/bid/30951 Exploit Patch
http://secunia.com/advisories/31679 Patch Vendor Advisory
http://securityreason.com/securityalert/4208
http://www.vupen.com/english/advisories/2008/2471
https://exchange.xforce.ibmcloud.com/vulnerabilities/44792
http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5
http://www.securityfocus.com/archive/1/495885/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*
Information

Published : 2008-09-03 02:12

Updated : 2018-10-11 08:45

NVD link : CVE-2008-3101

Mitre link : CVE-2008-3101

Products Affected
No products.
CWE
CWE-79