ID
VAR-E-201104-0173
EDB ID
35577
TITLE
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting - PHP webapps Exploit
Trust: 0.6
DESCRIPTION
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting.. webapps exploit for PHP platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | vtiger | model: | crm | scope: | eq | version: | 5.2.1 | Trust: 1.9 |
EXPLOIT
source: https://www.securityfocus.com/bid/47267/info
vtiger CRM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.
http://www.example.com/vtigercrm/vtigerservice.php?service=%3Cscript%3Ealert%280%29%3C/script%3E
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'vtigerservice.php' Cross-Site Scripting
Trust: 1.0
CREDITS
AutoSec Tools
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 47267 | Trust: 1.9 |
| db: | EXPLOIT-DB | id: | 35577 | Trust: 1.6 |
| db: | EDBNET | id: | 56742 | Trust: 0.6 |
REFERENCES
| url: | https://www.securityfocus.com/bid/47267/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/35577/ | Trust: 0.6 |
| url: | http://www.vtiger.com/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 47267 |
| db: | EXPLOIT-DB | id: | 35577 |
| db: | EDBNET | id: | 56742 |
LAST UPDATE DATE
2022-07-27T09:54:43.537000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 47267 | date: | 2011-04-07T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 47267 | date: | 2011-04-07T00:00:00 |
| db: | EXPLOIT-DB | id: | 35577 | date: | 2011-04-07T00:00:00 |
| db: | EDBNET | id: | 56742 | date: | 2011-04-07T00:00:00 |