CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3818

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.02

EPSS Ranking 83.4%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2005-3818

Vtiger » Vtiger Crm » Version: 1.0

cpe:2.3:a:vtiger:vtiger_crm:1.0
Vtiger » Vtiger Crm » Version: 2.0

cpe:2.3:a:vtiger:vtiger_crm:2.0
Vtiger » Vtiger Crm » Version: 2.0.1

cpe:2.3:a:vtiger:vtiger_crm:2.0.1
Vtiger » Vtiger Crm » Version: 2.1

cpe:2.3:a:vtiger:vtiger_crm:2.1
Vtiger » Vtiger Crm » Version: 3.0

cpe:2.3:a:vtiger:vtiger_crm:3.0
Vtiger » Vtiger Crm » Version: 3.2

cpe:2.3:a:vtiger:vtiger_crm:3.2
Vtiger » Vtiger Crm » Version: 4

cpe:2.3:a:vtiger:vtiger_crm:4
Vtiger » Vtiger Crm » Version: 4.0

cpe:2.3:a:vtiger:vtiger_crm:4.0
Vtiger » Vtiger Crm » Version: 4.0.1

cpe:2.3:a:vtiger:vtiger_crm:4.0.1
Vtiger » Vtiger Crm » Version: 4.2

cpe:2.3:a:vtiger:vtiger_crm:4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3818

Products

Pricing

Contact Us