CVE-2006-4587 - Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow

CVE-2006-4587

Summary

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.

References

http://secunia.com/advisories/21728
http://www.osvdb.org/28460
http://www.osvdb.org/28461
http://www.securityfocus.com/bid/19829
http://www.security-net.biz/adv/D3906a.txt
http://www.vupen.com/english/advisories/2006/3444

Vulnerable Configurations

cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*
cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*
cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 08-03-2011 - 02:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	19829
misc	http://www.security-net.biz/adv/D3906a.txt
osvdb	28460 28461
secunia	21728
vupen	ADV-2006-3444

Last major update

08-03-2011 - 02:41

Published

06-09-2006 - 22:04

Last modified

08-03-2011 - 02:41