Summary
This host is installed with Vtiger CRM and is prone to multiple cross-site scripting (XSS) vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
Impact Level: Application
Solution
Upgrade to Vtiger CRM 6.0 or later. For updates refer to https://www.vtiger.com
Insight
The flaws are due to improper sanitization of user-supplied input passed via the 'return_url' parameter to savetemplate.php, and via unspecified vectors to deletetask.php, edittask.php, savetask.php, or saveworkflow.php. Because the input is echoed back without HTML encoding, a crafted link is enough to run script in the victim's session (reflected XSS).
Affected
Vtiger CRM version 5.4.0
Detection
Send a crafted HTTP GET request carrying a harmless marker in the 'return_url' parameter and check whether the response (typically an error page) reflects the marker unencoded. A response that entity-encodes the marker (e.g. &lt;...&gt;) is not a hit.
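The following is an added example of that check, written for this page rather than taken from the OpenVAS/Greenbone NVT or from Vtiger. It builds the probe URL, classifies a response body as vulnerable (raw marker echoed), encoded (marker entity-encoded, i.e. fixed) or not reflected, and only contacts a host when given one on the command line. The script path relative to the CRM base URL, the marker string, and the sample response bodies are assumptions constructed for the example.

```python
"""Reflected-XSS probe for a 'return_url'-style parameter.

Added example; not the scanner's or the vendor's code. Paths, marker and
sample responses below are assumptions / constructed data.
"""
import html
import sys
import urllib.parse
import urllib.request

# Benign marker: a tag name no real page uses. It only survives intact if
# the application echoes the parameter without HTML-encoding it.
MARKER = "<vt_probe>"


def build_probe_url(base_url: str, script: str = "savetemplate.php",
                    param: str = "return_url", marker: str = MARKER) -> str:
    """Return <base_url>/<script>?<param>=<marker>, marker URL-encoded.

    'savetemplate.php' directly under the base URL is an assumed location;
    point 'script' at the real path of the affected file on your install.
    """
    query = urllib.parse.urlencode({param: marker})
    return f"{base_url.rstrip('/')}/{script}?{query}"


def is_reflected_unencoded(body: str, marker: str = MARKER) -> bool:
    """True only if the raw marker (with its '<' and '>') is in the body."""
    return marker in body


def classify_response(body: str, marker: str = MARKER) -> str:
    """'vulnerable', 'encoded' (value reflected but escaped) or 'not reflected'."""
    if is_reflected_unencoded(body, marker):
        return "vulnerable"
    # html.escape turns '<vt_probe>' into '&lt;vt_probe&gt;', which is what a
    # correctly escaped echo looks like; that is the fixed behaviour.
    if html.escape(marker, quote=False) in body:
        return "encoded"
    return "not reflected"


# Constructed sample responses (not captured from a real host), used so the
# classifier can be exercised offline.
SAMPLE_VULNERABLE = ('<html><body>Error: invalid request. '
                     '<a href="<vt_probe>">Back</a></body></html>')
SAMPLE_ENCODED = ('<html><body>Error: invalid request. '
                  '<a href="&lt;vt_probe&gt;">Back</a></body></html>')
SAMPLE_SILENT = '<html><body>Error: invalid request.</body></html>'


def probe(base_url: str, timeout: float = 10.0) -> str:
    """Send the crafted GET to a live host and classify the body."""
    url = build_probe_url(base_url)
    req = urllib.request.Request(url, headers={"User-Agent": "vt-xss-probe"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")
    except urllib.error.HTTPError as err:
        # A 4xx/5xx error page is exactly where the echo tends to happen.
        body = err.read().decode("utf-8", "replace")
    return classify_response(body)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        # Offline demo against the constructed samples.
        for name, body in (("vulnerable", SAMPLE_VULNERABLE),
                           ("encoded", SAMPLE_ENCODED),
                           ("silent", SAMPLE_SILENT)):
            print(f"{name:10s} -> {classify_response(body)}")
        print(f"usage: {sys.argv[0]} http://crm.example/ (to probe a host)")
    else:
        print(probe(sys.argv[1]))
```

The marker only tests whether `<` and `>` are escaped. In this case the value lands inside an `href` attribute, so a server that escapes angle brackets but not quotes is still exploitable by breaking out of the attribute; a fuller probe would also send `"` and `'` and check that they come back as entities (PHP's htmlspecialchars needs ENT_QUOTES to cover the single quote).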
Severity
CVSS Base Score: 4.3 (Medium)
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Classification
CVE: CVE-2013-7326