4.3
CVE-2011-4680
- EPSS 0.26%
- Veröffentlicht 07.12.2011 19:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vtiger ≫ Vtiger Crm Version <= 5.1.0
Vtiger ≫ Vtiger Crm Version1.0
Vtiger ≫ Vtiger Crm Version2.0
Vtiger ≫ Vtiger Crm Version2.0.1
Vtiger ≫ Vtiger Crm Version2.1
Vtiger ≫ Vtiger Crm Version3
Vtiger ≫ Vtiger Crm Version3.0
Vtiger ≫ Vtiger Crm Version3.0 Updatebeta
Vtiger ≫ Vtiger Crm Version3.2
Vtiger ≫ Vtiger Crm Version4
Vtiger ≫ Vtiger Crm Version4 Updatebeta
Vtiger ≫ Vtiger Crm Version4 Updatebeta Langit
Vtiger ≫ Vtiger Crm Version4 Updaterc1
Vtiger ≫ Vtiger Crm Version4.0
Vtiger ≫ Vtiger Crm Version4.0.1
Vtiger ≫ Vtiger Crm Version4.2
Vtiger ≫ Vtiger Crm Version4.2 Editionvalidation
Vtiger ≫ Vtiger Crm Version4.2 Updatepatch1
Vtiger ≫ Vtiger Crm Version4.2.4
Vtiger ≫ Vtiger Crm Version5.0.0
Vtiger ≫ Vtiger Crm Version5.0.2
Vtiger ≫ Vtiger Crm Version5.0.3
Vtiger ≫ Vtiger Crm Version5.0.4
Vtiger ≫ Vtiger Crm Version5.0.4 Updaterc
Vtiger ≫ Vtiger Crm Version5.1.0 Updaterc
Vtiger ≫ Vtiger Crm Version5.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.467 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.