Details of VAR-200809-0406

ID

VAR-200809-0406

CVE

CVE-2008-3101

TITLE

vtiger CRM Multiple Cross-Site Scripting Vulnerabilities

Trust: 0.9

sources: BID: 30951 // CNNVD: CNNVD-200809-021

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. vtiger CRM Contains a cross-site scripting vulnerability.Any third party, through the following parameters, Web Script or HTML May be inserted. vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.0.4 is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4. NOTE: The query_string vector has been covered by CVE-2008-3101.3. The application is vulnerable to simple Cross Site Scripting, which can be used for several isues Example Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can inject JavaScript with: http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script> http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script> http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script> Workaround/Fix vtiger CRM Security Patch for 5.0.4 [1] Disclosure Timeline 2008-07-28 Vendor contacted 2008-07-28 Vendor fixed issue in test environment 2008-07-30 Vender released patch 2008-07-30 Vendor dev statet they'll release a second patch within days 2008-09-01 published advisory, no second patch from upstream yet CVE Information The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. Credits and copyright This vulnerability was discovered by Fabian Fingerle [2] (published with help from Hanno Boeck [3]). It's licensed under the creative commons attribution license [4]. Fabian Fingerle, 2008-09-01 [1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5 [2] http://www.fabian-fingerle.de [3] http://www.hboeck.de [4] http://creativecommons.org/licenses/by/3.0/de/ -- _GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85 _chaos events near stuttgart_ www.datensalat.eu . Successful exploitation of this vulnerability requires that the target user has valid user credentials. The vulnerabilities are confirmed in version 5.0.4. SOLUTION: Apply the vendor's official patch: http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5 PROVIDED AND/OR DISCOVERED BY: Fabian Fingerle ORIGINAL ADVISORY: http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.43

sources: NVD: CVE-2008-3101 // JVNDB: JVNDB-2008-006000 // BID: 31055 // BID: 30951 // VULHUB: VHN-33226 // PACKETSTORM: 69548 // PACKETSTORM: 69521

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	eq	version:	5.0.4	Trust: 2.7
vendor:	hypersilence	model:	silentum loginsys	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 31055 // BID: 30951 // JVNDB: JVNDB-2008-006000 // CNNVD: CNNVD-200809-021 // NVD: CVE-2008-3101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-3101
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-3101
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200809-021
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-33226
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-3101
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-33226
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-33226 // JVNDB: JVNDB-2008-006000 // CNNVD: CNNVD-200809-021 // NVD: CVE-2008-3101

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-33226 // JVNDB: JVNDB-2008-006000 // NVD: CVE-2008-3101

THREAT TYPE

network

Trust: 0.6

sources: BID: 31055 // BID: 30951

TYPE

xss

Trust: 0.8

sources: PACKETSTORM: 69548 // PACKETSTORM: 69521 // CNNVD: CNNVD-200809-021

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-006000

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-33226

PATCH

title:

vtiger CRM

url:

https://www.vtiger.com/crm/

Trust: 0.8

sources: JVNDB: JVNDB-2008-006000

EXTERNAL IDS

db:	NVD	id:	CVE-2008-3101	Trust: 3.3
db:	BID	id:	30951	Trust: 2.0
db:	SECUNIA	id:	31679	Trust: 1.9
db:	SREASON	id:	4208	Trust: 1.7
db:	VUPEN	id:	ADV-2008-2471	Trust: 1.7
db:	JVNDB	id:	JVNDB-2008-006000	Trust: 0.8
db:	XF	id:	44792	Trust: 0.6
db:	BUGTRAQ	id:	20080901 MULTIPLE CROSS SITE SCRIPTING (XSS) VULNERABILITIES IN VTIGERCRM 5.0.4, CVE-2008-3101	Trust: 0.6
db:	CNNVD	id:	CNNVD-200809-021	Trust: 0.6
db:	BID	id:	31055	Trust: 0.4
db:	PACKETSTORM	id:	69548	Trust: 0.2
db:	SEEBUG	id:	SSVID-85602	Trust: 0.1
db:	EXPLOIT-DB	id:	32307	Trust: 0.1
db:	VULHUB	id:	VHN-33226	Trust: 0.1
db:	PACKETSTORM	id:	69521	Trust: 0.1

sources: VULHUB: VHN-33226 // BID: 31055 // BID: 30951 // JVNDB: JVNDB-2008-006000 // PACKETSTORM: 69548 // PACKETSTORM: 69521 // CNNVD: CNNVD-200809-021 // NVD: CVE-2008-3101

REFERENCES

url:	http://www.datensalat.eu/~fabian/cve/cve-2008-3101-vtigercrm.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/30951	Trust: 1.7
url:	http://secunia.com/advisories/31679	Trust: 1.7
url:	http://securityreason.com/securityalert/4208	Trust: 1.7
url:	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload&tx_abdownloads_pi1%5buid%5d=128&tx_abdownloads_pi1%5bcategory_uid%5d=5&chash=e16be773a5	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/495885/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/2471	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44792	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3101	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3101	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/44792	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/495885/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/2471	Trust: 0.6
url:	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&chash=e16be773a5	Trust: 0.4
url:	http://hypersilence.net/silentum_loginsys.php	Trust: 0.3
url:	msg://bugtraq/20080901112401.4a51701a@mobile.fabian.datensalat.eu	Trust: 0.3
url:	www.vtiger.de	Trust: 0.3
url:	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload&tx_abdownloads_pi1%5buid%5d=128&tx_abdownloads_pi1%5bcategory_uid%5d=5&chash=e16be773a5	Trust: 0.1
url:	http://www.vtiger.de/	Trust: 0.1
url:	http://cve.mitre.org/),	Trust: 0.1
url:	http://www.hboeck.de	Trust: 0.1
url:	https://www.datensalat.eu	Trust: 0.1
url:	http://localhost/vtigercrm/index.php?module=home&action=unifiedsearch&query_string="><script>alert(1);</script>	Trust: 0.1
url:	http://www.fabian-fingerle.de	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3101	Trust: 0.1
url:	http://creativecommons.org/licenses/by/3.0/de/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3101	Trust: 0.1
url:	http://localhost/vtigercrm/,	Trust: 0.1
url:	http://localhost/vtigercrm/index.php?module=products&action=index&parenttab="><script>alert(1);</script>	Trust: 0.1
url:	http://localhost/vtigercrm/index.php?module=users&action=authenticate&user_password="><script>alert(1);</script>	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/31679/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/product/14762/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/secunia_security_specialist/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

Fabian Fingerle※ fabian@datensalat.eu

Trust: 0.6

sources: CNNVD: CNNVD-200809-021

SOURCES

db:	VULHUB	id:	VHN-33226
db:	BID	id:	31055
db:	BID	id:	30951
db:	JVNDB	id:	JVNDB-2008-006000
db:	PACKETSTORM	id:	69548
db:	PACKETSTORM	id:	69521
db:	CNNVD	id:	CNNVD-200809-021
db:	NVD	id:	CVE-2008-3101

LAST UPDATE DATE

2025-04-10T23:00:44.872000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-33226	date:	2018-10-11T00:00:00
db:	BID	id:	31055	date:	2008-09-09T17:11:00
db:	BID	id:	30951	date:	2008-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2008-006000	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200809-021	date:	2009-01-29T00:00:00
db:	NVD	id:	CVE-2008-3101	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-33226	date:	2008-09-03T00:00:00
db:	BID	id:	31055	date:	2008-09-06T00:00:00
db:	BID	id:	30951	date:	2008-09-01T00:00:00
db:	JVNDB	id:	JVNDB-2008-006000	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	69548	date:	2008-09-03T02:42:07
db:	PACKETSTORM	id:	69521	date:	2008-09-03T00:17:02
db:	CNNVD	id:	CNNVD-200809-021	date:	2008-09-03T00:00:00
db:	NVD	id:	CVE-2008-3101	date:	2008-09-03T14:12:00