First published: Fri Nov 26 2010
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vtiger Vtiger Crm | =3 | |
Vtiger Vtiger Crm | =5.0.3 | |
Vtiger Vtiger Crm | <=5.2.0 | |
Vtiger Vtiger Crm | =5.1.0 | |
Vtiger Vtiger Crm | =2.0.1 | |
Vtiger Vtiger Crm | =2.0 | |
Vtiger Vtiger Crm | =4.2 | |
Vtiger Vtiger Crm | =5.0.4 | |
Vtiger Vtiger Crm | =2.1 | |
Vtiger Vtiger Crm | =5.1.0-rc | |
Vtiger Vtiger Crm | =4 | |
Vtiger Vtiger Crm | =4.0 | |
Vtiger Vtiger Crm | =3.0-beta | |
Vtiger Vtiger Crm | =3.0 | |
Vtiger Vtiger Crm | =4-rc1 | |
Vtiger Vtiger Crm | =5.0.0 | |
Vtiger Vtiger Crm | =5.0.2 | |
Vtiger Vtiger Crm | =3.2 | |
Vtiger Vtiger Crm | =5.0.4-rc | |
Vtiger Vtiger Crm | =1.0 | |
Vtiger Vtiger Crm | =4-beta | |
Vtiger Vtiger Crm | =4.2.4 | |
Vtiger Vtiger Crm | =4.0.1 | |