NVD

Id
69456  
Name
CVE-2005-3818  
Description
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-07-18  
Published
2005-11-25  
Modified Date
2017-07-10  
Seq
2005-3818  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
359110 69456 CVE-2005-3818 1015271  View
359111 69456 CVE-2005-3818 http://www.hardened-php.net/advisory_232005.105.html  View
359112 69456 CVE-2005-3818 20051124 Advisory 23/2005: vTiger multiple vulnerabilities  View
359113 69456 CVE-2005-3818 15562  View
359114 69456 CVE-2005-3818 ADV-2005-2569  View
359115 69456 CVE-2005-3818 vtiger-multiple-fields-xss(23362)  View
359116 69456 CVE-2005-3818 vtiger-rss-xss(23363)  View

Related JVN