ID

VAR-E-201110-0025


EDB ID

36255


TITLE

vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2) - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36255

DESCRIPTION

vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2). webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 36255

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: eq, version: 5.2.1

Trust: 1.3

sources: BID: 50364 // EXPLOIT-DB: 36255

EXPLOIT

source: https://www.securityfocus.com/bid/50364/info

vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.

http://www.example.com/modules/mobile/index.php?_operation="><script>alert(1)</script>
http://www.example.com/modules/mobile/index.php?_operation=listModuleRecords&module=Services&search="><script>alert(1)</script>

Trust: 1.0

sources: EXPLOIT-DB: 36255

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36255

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36255

TYPE

'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)

Trust: 1.0

sources: EXPLOIT-DB: 36255

CREDITS

LiquidWorm

Trust: 0.6

sources: EXPLOIT-DB: 36255

EXTERNAL IDS

db: EXPLOIT-DB, id: 36255

Trust: 1.9

db: BID, id: 50364

Trust: 1.9

db: EDBNET, id: 57607

Trust: 0.6

sources: BID: 50364 // EXPLOIT-DB: 36255 // EDBNET: 57607

REFERENCES

url:https://www.securityfocus.com/bid/50364/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/36255/

Trust: 0.6

url:https://www.exploit-db.com/exploits/36255

Trust: 0.3

sources: BID: 50364 // EXPLOIT-DB: 36255 // EDBNET: 57607

SOURCES

db: BID, id: 50364
db: EXPLOIT-DB, id: 36255
db: EDBNET, id: 57607

LAST UPDATE DATE

2022-07-27T09:22:15.820000+00:00


SOURCES UPDATE DATE

db: BID, id: 50364, date: 2011-10-26T00:00:00

SOURCES RELEASE DATE

db: BID, id: 50364, date: 2011-10-26T00:00:00
db: EXPLOIT-DB, id: 36255, date: 2011-10-26T00:00:00
db: EDBNET, id: 57607, date: 2011-10-26T00:00:00