4.3

CVE-2005-3818

Exploit

EPSS 1.96%
Veröffentlicht 26.11.2005 02:03:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vtiger ≫ Vtiger Crm Version <= 4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.96%	0.831

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/17693

Vendor Advisory

http://securitytracker.com/id?1015271

http://www.hardened-php.net/advisory_232005.105.html

Vendor Advisory

Exploit

http://www.osvdb.org/21227

http://www.osvdb.org/21228

http://www.osvdb.org/21229

http://www.osvdb.org/21230

http://www.securityfocus.com/archive/1/417730/30/0/threaded

http://www.securityfocus.com/bid/15562

Exploit

http://www.vupen.com/english/advisories/2005/2569

https://exchange.xforce.ibmcloud.com/vulnerabilities/23362

https://exchange.xforce.ibmcloud.com/vulnerabilities/23363

https://nvd.nist.gov/vuln/detail/CVE-2005-3818

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3818

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3818

EUVD