Vulnerability Details CVE-2011-5214
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 90.5%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/77728
- http://osvdb.org/77729
- http://osvdb.org/77730
- http://osvdb.org/77731
- http://osvdb.org/77732
- http://secunia.com/advisories/47217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71827
- https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html
- http://osvdb.org/77728
- http://osvdb.org/77729
- http://osvdb.org/77730
- http://osvdb.org/77731
- http://osvdb.org/77732
- http://secunia.com/advisories/47217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71827
- https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html
Products affected by CVE-2011-5214
-
cpe:2.3:a:browsercrm:browsercrm:*
-
cpe:2.3:a:browsercrm:browsercrm:4.604.01
-
cpe:2.3:a:browsercrm:browsercrm:4.605.00
-
cpe:2.3:a:browsercrm:browsercrm:4.607.00
-
cpe:2.3:a:browsercrm:browsercrm:4.610.00
-
cpe:2.3:a:browsercrm:browsercrm:4.611.01
-
cpe:2.3:a:browsercrm:browsercrm:4.612.00
-
cpe:2.3:a:browsercrm:browsercrm:4.614.00
-
cpe:2.3:a:browsercrm:browsercrm:4.615.10
-
cpe:2.3:a:browsercrm:browsercrm:4.615.11
-
cpe:2.3:a:browsercrm:browsercrm:4.616.00
-
cpe:2.3:a:browsercrm:browsercrm:4.617.00
-
cpe:2.3:a:browsercrm:browsercrm:4.619.00
-
cpe:2.3:a:browsercrm:browsercrm:4.620.01
-
cpe:2.3:a:browsercrm:browsercrm:4.622.00
-
cpe:2.3:a:browsercrm:browsercrm:4.624.00
-
cpe:2.3:a:browsercrm:browsercrm:4.624.01
-
cpe:2.3:a:browsercrm:browsercrm:4.624.50
-
cpe:2.3:a:browsercrm:browsercrm:4.624.60
-
cpe:2.3:a:browsercrm:browsercrm:4.624.70
-
cpe:2.3:a:browsercrm:browsercrm:4.624.80
-
cpe:2.3:a:browsercrm:browsercrm:4.624.90
-
cpe:2.3:a:browsercrm:browsercrm:4.691.01
-
cpe:2.3:a:browsercrm:browsercrm:4.999.20
-
cpe:2.3:a:browsercrm:browsercrm:5.000.00
-
cpe:2.3:a:browsercrm:browsercrm:5.000.01
-
cpe:2.3:a:browsercrm:browsercrm:5.001.00
-
cpe:2.3:a:browsercrm:browsercrm:5.002.00
-
cpe:2.3:a:browsercrm:browsercrm:5.100.00