First published: Thu Jun 06 2019
vtiger CRM 7.0.1, and probably prior versions, is affected by a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via the app parameter of index.php?module=Contacts&view=List.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vtiger Vtiger Crm | <=7.0.1 |
The vulnerability ID for this vtiger CRM vulnerability is CVE-2018-8047.
The severity level of CVE-2018-8047 is medium, with a CVSS score of 6.1.
vtiger CRM version 7.0.1 and probably prior versions are affected by CVE-2018-8047.
Remote unauthenticated attackers can exploit CVE-2018-8047 by injecting arbitrary web script or HTML via the app parameter of index.php?module=Contacts&view=List.
A fix for CVE-2018-8047 is not mentioned in the provided information. Please refer to the reference link for more information.