ID

VAR-190001-0882


TITLE

Multiple cross-site scripting vulnerabilities in vtiger CRM 'index.php'

Trust: 0.6

sources: CNVD: CNVD-2011-4525

DESCRIPTION

Vtiger CRM is a web-based open source customer relationship management system. There are multiple cross-site scripting vulnerabilities in vtiger CRM. Because the program fails to properly filter user-supplied input, an attacker could exploit this vulnerability to execute arbitrary script code in a trusted user's browser in the affected site context, stealing cookie-based authentication and initiating other attacks. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. vtiger CRM is a free, full-featured, 100% Open Source CRM softwareideal for small and medium businesses, with low-cost product support availableto production users that need reliable support.vtiger CRM suffers from a XSS vulnerability when parsing user input tothe '_operation' and 'search' parameters via GET method in '/modules/mobile/index.php'script. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: vtiger CRM "default_user_name" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42304 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42304/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42304 RELEASE DATE: 2010-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/42304/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42304/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42304 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in vtiger CRM, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "default_user_name" parameter to index.php (when "module" is set to "Users" and "action" is set to "Login") is not properly sanitised in modules/Users/Login.php before being returned to the user. The vulnerability is confirmed in version 5.2.1. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi ORIGINAL ADVISORY: Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.17

sources: CNVD: CNVD-2011-4525 // BID: 50364 // IVD: 43e3f220-1f82-11e6-abef-000c29c66e3d // ZSL: ZSL-2011-5052 // PACKETSTORM: 95960

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 43e3f220-1f82-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4525

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:eqversion:5.2.1

Trust: 1.2

sources: ZSL: ZSL-2011-5052 // IVD: 43e3f220-1f82-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4525 // BID: 50364

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 43e3f220-1f82-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

ZSL: ZSL-2011-5052
value: (3/5)

Trust: 0.1

IVD: 43e3f220-1f82-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: ZSL: ZSL-2011-5052 // IVD: 43e3f220-1f82-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-651

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 95960 // CNNVD: CNNVD-201110-651

EXPLOIT AVAILABILITY

sources: ZSL: ZSL-2011-5052

EXTERNAL IDS

db:BIDid:50364

Trust: 1.6

db:CNVDid:CNVD-2011-4525

Trust: 0.8

db:CNNVDid:CNNVD-201110-651

Trust: 0.6

db:SECUNIAid:42304

Trust: 0.2

db:IVDid:43E3F220-1F82-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:CXSECURITYid:WLB-2011100099

Trust: 0.1

db:XFid:70983

Trust: 0.1

db:PACKETSTORMid:106229

Trust: 0.1

db:ZSLid:ZSL-2011-5052

Trust: 0.1

db:PACKETSTORMid:95960

Trust: 0.1

sources: ZSL: ZSL-2011-5052 // IVD: 43e3f220-1f82-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4525 // BID: 50364 // PACKETSTORM: 95960 // CNNVD: CNNVD-201110-651

REFERENCES

url:http://www.securityfocus.com/bid/50364

Trust: 0.7

url:http://www.securityfocus.com/bid/50364/info

Trust: 0.6

url:www.vtiger.de

Trust: 0.3

url:http://secunia.com/advisories/42304/

Trust: 0.2

url:http://wiki.vtiger.com/index.php/vtiger530:release_notes

Trust: 0.1

url:http://www.exploit-db.com/ghdb/3737/

Trust: 0.1

url:http://packetstormsecurity.org/files/106229

Trust: 0.1

url:http://securityreason.com/wlb_show/wlb-2011100099

Trust: 0.1

url:http://xforce.iss.net/xforce/xfdb/70983

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42304

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/advisories/42304/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: ZSL: ZSL-2011-5052 // CNVD: CNVD-2011-4525 // BID: 50364 // PACKETSTORM: 95960 // CNNVD: CNNVD-201110-651

CREDITS

Gjoko 'LiquidWorm' Krstic

Trust: 0.9

sources: BID: 50364 // CNNVD: CNNVD-201110-651

SOURCES

db:ZSLid:ZSL-2011-5052
db:IVDid:43e3f220-1f82-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-4525
db:BIDid:50364
db:PACKETSTORMid:95960
db:CNNVDid:CNNVD-201110-651

LAST UPDATE DATE

2022-10-19T22:28:26.417000+00:00


SOURCES UPDATE DATE

db:ZSLid:ZSL-2011-5052date:2011-10-27T00:00:00
db:CNVDid:CNVD-2011-4525date:2011-10-27T00:00:00
db:BIDid:50364date:2011-10-26T00:00:00
db:CNNVDid:CNNVD-201110-651date:2011-10-28T00:00:00

SOURCES RELEASE DATE

db:ZSLid:ZSL-2011-5052date:2011-10-26T00:00:00
db:IVDid:43e3f220-1f82-11e6-abef-000c29c66e3ddate:2011-10-27T00:00:00
db:CNVDid:CNVD-2011-4525date:2011-10-27T00:00:00
db:BIDid:50364date:2011-10-26T00:00:00
db:PACKETSTORMid:95960date:2010-11-18T04:41:31
db:CNNVDid:CNNVD-201110-651date:1900-01-01T00:00:00