Details of VAR-E-201110-0022

ID

VAR-E-201110-0022

CVE

cve_id:

CVE-2011-4670

Trust: 1.9

sources: BID: 49927 // EXPLOIT-DB: 36204 // EDBNET: 57561

EDB ID

36204

TITLE

vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36204

DESCRIPTION

vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities. CVE-2011-4670CVE-76006 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 36204

AFFECTED PRODUCTS

vendor:

vtiger

model:

crm

scope:

version:

5.2.1

Trust: 1.3

sources: BID: 49927 // EXPLOIT-DB: 36204

EXPLOIT

source: https://www.securityfocus.com/bid/49927/info

vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.

/phprint.php?module=Home&action=--><script>alert(/xss/)</script>&parenttab=MyHome Page"><script>alert(0)</script>&jt=

/phprint.php?module=--><script>alert(/xss/)</script>&action=index&parenttab=My%20Home%20Page&jt=

Trust: 1.0

sources: EXPLOIT-DB: 36204

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36204

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36204

TYPE

'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.0

sources: EXPLOIT-DB: 36204

CREDITS

Aung Khant

Trust: 0.6

sources: EXPLOIT-DB: 36204

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4670	Trust: 1.9
db:	EXPLOIT-DB	id:	36204	Trust: 1.9
db:	BID	id:	49927	Trust: 1.9
db:	EDBNET	id:	57561	Trust: 0.6

sources: BID: 49927 // EXPLOIT-DB: 36204 // EDBNET: 57561

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2011-4670	Trust: 1.6
url:	https://www.securityfocus.com/bid/49927/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36204/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/36203	Trust: 0.3
url:	https://www.exploit-db.com/exploits/36204	Trust: 0.3
url:	http://seclists.org/fulldisclosure/2011/oct/154	Trust: 0.3

sources: BID: 49927 // EXPLOIT-DB: 36204 // EDBNET: 57561

SOURCES

db:	BID	id:	49927
db:	EXPLOIT-DB	id:	36204
db:	EDBNET	id:	57561

LAST UPDATE DATE

2022-07-27T09:30:28.118000+00:00

SOURCES UPDATE DATE

db:

BID

id:

49927

date:

2011-12-06T19:37:00

SOURCES RELEASE DATE

db:	BID	id:	49927	date:	2011-10-04T00:00:00
db:	EXPLOIT-DB	id:	36204	date:	2011-10-04T00:00:00
db:	EDBNET	id:	57561	date:	2011-10-04T00:00:00