CVE-2008-3101

Exploit

EPSS 7.32%
Veröffentlicht 03.09.2008 14:12:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vtiger ≫ Vtiger Crm Version5.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.32%	0.912

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/31679

Patch

Vendor Advisory

http://securityreason.com/securityalert/4208

http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html

Exploit

http://www.securityfocus.com/archive/1/495885/100/0/threaded

http://www.securityfocus.com/bid/30951

Patch

Exploit

http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5

http://www.vupen.com/english/advisories/2008/2471

https://exchange.xforce.ibmcloud.com/vulnerabilities/44792

https://nvd.nist.gov/vuln/detail/CVE-2008-3101

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3101

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3101

EUVD