cvelistv5 - cve-2008-3101

CVE-2008-3101 (GCVE-0-2008-3101)

Vulnerability from cvelistv5

Published

2008-09-03 14:00

Modified

2024-08-07 09:28

Severity ?

CWE

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/31679	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/4208
cve@mitre.org	http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/495885/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/30951	Exploit, Patch
cve@mitre.org	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2471
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44792
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31679	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4208
af854a3a-2127-422b-91ae-364da2661108	http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495885/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30951	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2471
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44792

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:40.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30951",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30951"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5"
          },
          {
            "name": "vtigercrm-index-xss(44792)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
          },
          {
            "name": "4208",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4208"
          },
          {
            "name": "ADV-2008-2471",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2471"
          },
          {
            "name": "31679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31679"
          },
          {
            "name": "20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30951",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30951"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5"
        },
        {
          "name": "vtigercrm-index-xss(44792)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
        },
        {
          "name": "4208",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4208"
        },
        {
          "name": "ADV-2008-2471",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2471"
        },
        {
          "name": "31679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31679"
        },
        {
          "name": "20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30951",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30951"
            },
            {
              "name": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html",
              "refsource": "MISC",
              "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
            },
            {
              "name": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5",
              "refsource": "MISC",
              "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5"
            },
            {
              "name": "vtigercrm-index-xss(44792)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
            },
            {
              "name": "4208",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4208"
            },
            {
              "name": "ADV-2008-2471",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2471"
            },
            {
              "name": "31679",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31679"
            },
            {
              "name": "20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3101",
    "datePublished": "2008-09-03T14:00:00",
    "dateReserved": "2008-07-09T00:00:00",
    "dateUpdated": "2024-08-07T09:28:40.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3101\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-09-03T14:12:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.\"},{\"lang\":\"es\",\"value\":\"Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en vtiger CRM 5.0.4 permiten a atacantes remotos inyectar web script o HTML a trav\u00e9s del par\u00e1metro (1) parenttab en una acci\u00f3n index del m\u00f3dulo Products, como se llega a trav\u00e9s de index.php; (2) el par\u00e1metro user_password en una acci\u00f3n Authenticate del m\u00f3dulo Users, como se llega a trav\u00e9s de index.php; o (3) el par\u00e1metro query_string en una acci\u00f3n UnifiedSearch del m\u00f3dulo Home, como se llega a trav\u00e9s de index.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84AE51A9-59AF-47F9-8AFC-5219505FD170\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/31679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4208\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/495885/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/30951\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2471\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44792\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/4208\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/495885/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30951\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

var-200809-0406

Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. vtiger CRM Contains a cross-site scripting vulnerability.Any third party, through the following parameters, Web Script or HTML May be inserted. vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.0.4 is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4. NOTE: The query_string vector has been covered by CVE-2008-3101.3. The application is vulnerable to simple Cross Site Scripting, which can be used for several isues

Example

Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can inject JavaScript with: http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab=">alert(1); http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password=">alert(1); http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string=">alert(1);

Workaround/Fix

vtiger CRM Security Patch for 5.0.4 [1]

Disclosure Timeline

2008-07-28 Vendor contacted 2008-07-28 Vendor fixed issue in test environment 2008-07-30 Vender released patch 2008-07-30 Vendor dev statet they'll release a second patch within days 2008-09-01 published advisory, no second patch from upstream yet

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. Credits and copyright

This vulnerability was discovered by Fabian Fingerle [2] (published with help from Hanno Boeck [3]). It's licensed under the creative commons attribution license [4].

Fabian Fingerle, 2008-09-01

[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5 [2] http://www.fabian-fingerle.de [3] http://www.hboeck.de [4] http://creativecommons.org/licenses/by/3.0/de/

-- GPG 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85 chaos events near stuttgart www.datensalat.eu .

Successful exploitation of this vulnerability requires that the target user has valid user credentials.

The vulnerabilities are confirmed in version 5.0.4.

SOLUTION: Apply the vendor's official patch: http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5

PROVIDED AND/OR DISCOVERED BY: Fabian Fingerle

ORIGINAL ADVISORY: http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0406",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "silentum loginsys",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hypersilence",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fabian Fingerle\u203b fabian@datensalat.eu",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3101",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-3101",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-33226",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-3101",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-3101",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200809-021",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33226",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. vtiger CRM Contains a cross-site scripting vulnerability.Any third party, through the following parameters, Web Script or HTML May be inserted. vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nvtiger CRM 5.0.4 is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4. NOTE: The query_string vector has been covered by CVE-2008-3101.3. The application is vulnerable to simple Cross Site Scripting,\nwhich can be used for several isues \n\nExample\n\nAssuming vtigerCRM is installed on http://localhost/vtigercrm/, one can\ninject JavaScript with:\nhttp://localhost/vtigercrm/index.php?module=Products\u0026action=index\u0026parenttab=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\nhttp://localhost/vtigercrm/index.php?module=Users\u0026action=Authenticate\u0026user_password=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\nhttp://localhost/vtigercrm/index.php?module=Home\u0026action=UnifiedSearch\u0026query_string=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\n\nWorkaround/Fix\n\nvtiger CRM Security Patch for 5.0.4 [1]\n\nDisclosure Timeline\n\n2008-07-28 Vendor contacted\n2008-07-28 Vendor fixed issue in test environment\n2008-07-30 Vender released patch\n2008-07-30 Vendor dev statet they\u0027ll release a second patch within days\n2008-09-01 published advisory, no second patch from upstream yet\n\nCVE Information\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3101 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. Credits and copyright\n\nThis vulnerability was discovered by Fabian Fingerle [2] (published with\nhelp from Hanno Boeck [3]). It\u0027s licensed under the creative\ncommons attribution license [4]. \n\nFabian Fingerle, 2008-09-01\n\n[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5\n[2] http://www.fabian-fingerle.de\n[3] http://www.hboeck.de\n[4] http://creativecommons.org/licenses/by/3.0/de/\n\n-- \n_GPG_ 3D17 CAC8 1955 1908 65ED  5C51 FDA3 6A09 AB41 AB85\n_chaos events near stuttgart_ www.datensalat.eu\n. \n\nSuccessful exploitation of this vulnerability requires that the\ntarget user has valid user credentials. \n\nThe vulnerabilities are confirmed in version 5.0.4. \n\nSOLUTION:\nApply the vendor\u0027s official patch:\nhttp://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5\n\nPROVIDED AND/OR DISCOVERED BY:\nFabian Fingerle\n\nORIGINAL ADVISORY:\nhttp://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-33226",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3101",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "30951",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "31679",
        "trust": 1.9
      },
      {
        "db": "SREASON",
        "id": "4208",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2471",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "44792",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080901 MULTIPLE CROSS SITE SCRIPTING (XSS) VULNERABILITIES IN VTIGERCRM 5.0.4, CVE-2008-3101",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "31055",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "69548",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-85602",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32307",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-33226",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69521",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "id": "VAR-200809-0406",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2024-11-23T21:56:34.765000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "vtiger CRM",
        "trust": 0.8,
        "url": "https://www.vtiger.com/crm/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.datensalat.eu/~fabian/cve/cve-2008-3101-vtigercrm.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/30951"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31679"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/4208"
      },
      {
        "trust": 1.7,
        "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5buid%5d=128\u0026tx_abdownloads_pi1%5bcategory_uid%5d=5\u0026chash=e16be773a5"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2471"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3101"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3101"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/44792"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/495885/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2471"
      },
      {
        "trust": 0.4,
        "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026chash=e16be773a5"
      },
      {
        "trust": 0.3,
        "url": "http://hypersilence.net/silentum_loginsys.php"
      },
      {
        "trust": 0.3,
        "url": "msg://bugtraq/20080901112401.4a51701a@mobile.fabian.datensalat.eu"
      },
      {
        "trust": 0.3,
        "url": "www.vtiger.de"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload\u0026amp;tx_abdownloads_pi1%5buid%5d=128\u0026amp;tx_abdownloads_pi1%5bcategory_uid%5d=5\u0026amp;chash=e16be773a5"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtiger.de/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://www.hboeck.de"
      },
      {
        "trust": 0.1,
        "url": "https://www.datensalat.eu"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/index.php?module=home\u0026action=unifiedsearch\u0026query_string=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.fabian-fingerle.de"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3101"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by/3.0/de/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3101"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/,"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/index.php?module=products\u0026action=index\u0026parenttab=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/index.php?module=users\u0026action=authenticate\u0026user_password=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31679/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14762/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "date": "2008-09-06T00:00:00",
        "db": "BID",
        "id": "31055"
      },
      {
        "date": "2008-09-01T00:00:00",
        "db": "BID",
        "id": "30951"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "date": "2008-09-03T02:42:07",
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "date": "2008-09-03T00:17:02",
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "date": "2008-09-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "date": "2008-09-03T14:12:00",
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "date": "2008-09-09T17:11:00",
        "db": "BID",
        "id": "31055"
      },
      {
        "date": "2008-09-01T00:00:00",
        "db": "BID",
        "id": "30951"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "date": "2024-11-21T00:48:25.560000",
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM Multiple Cross-Site Scripting Vulnerabilities",
    "sources": [
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      }
    ],
    "trust": 0.8
  }
}

gsd-2008-3101

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-3101

Aliases

CVE-2008-3101

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3101",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.",
    "id": "GSD-2008-3101",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2008-3101"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3101"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.",
      "id": "GSD-2008-3101",
      "modified": "2023-12-13T01:23:05.049067Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3101",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "30951",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30951"
          },
          {
            "name": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html",
            "refsource": "MISC",
            "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
          },
          {
            "name": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5",
            "refsource": "MISC",
            "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5"
          },
          {
            "name": "vtigercrm-index-xss(44792)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
          },
          {
            "name": "4208",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/4208"
          },
          {
            "name": "ADV-2008-2471",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2471"
          },
          {
            "name": "31679",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31679"
          },
          {
            "name": "20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3101"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
            },
            {
              "name": "30951",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/30951"
            },
            {
              "name": "31679",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31679"
            },
            {
              "name": "4208",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4208"
            },
            {
              "name": "ADV-2008-2471",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2471"
            },
            {
              "name": "vtigercrm-index-xss(44792)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
            },
            {
              "name": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5"
            },
            {
              "name": "20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:45Z",
      "publishedDate": "2008-09-03T14:12Z"
    }
  }
}

ghsa-hvm7-mwfr-vm66

Vulnerability from github

Published

2022-05-01 23:56

Modified

2025-04-09 03:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-03T14:12:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.",
  "id": "GHSA-hvm7-mwfr-vm66",
  "modified": "2025-04-09T03:57:57Z",
  "published": "2022-05-01T23:56:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3101"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31679"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4208"
    },
    {
      "type": "WEB",
      "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30951"
    },
    {
      "type": "WEB",
      "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5"
    },
    {
      "type": "WEB",
      "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2471"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2008-3101

Vulnerability from fkie_nvd

Published

2008-09-03 14:12

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/31679	Patch, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/4208
cve@mitre.org	http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/495885/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/30951	Exploit, Patch
cve@mitre.org	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2471
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44792
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31679	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4208
af854a3a-2127-422b-91ae-364da2661108	http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495885/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30951	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2471
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44792

Impacted products

	Vendor	Product	Version
	vtiger	vtiger_crm	5.0.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "84AE51A9-59AF-47F9-8AFC-5219505FD170",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php."
    },
    {
      "lang": "es",
      "value": "Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en vtiger CRM 5.0.4 permiten a atacantes remotos inyectar web script o HTML a trav\u00e9s del par\u00e1metro (1) parenttab en una acci\u00f3n index del m\u00f3dulo Products, como se llega a trav\u00e9s de index.php; (2) el par\u00e1metro user_password en una acci\u00f3n Authenticate del m\u00f3dulo Users, como se llega a trav\u00e9s de index.php; o (3) el par\u00e1metro query_string en una acci\u00f3n UnifiedSearch del m\u00f3dulo Home, como se llega a trav\u00e9s de index.php."
    }
  ],
  "id": "CVE-2008-3101",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-09-03T14:12:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31679"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4208"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30951"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2471"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-3101 (GCVE-0-2008-3101)

Vulnerability from cvelistv5

var-200809-0406

Vulnerability from variot

gsd-2008-3101

Vulnerability from gsd

ghsa-hvm7-mwfr-vm66

Vulnerability from github

fkie_cve-2008-3101

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature