var-200809-0406
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

vtiger CRM contains a cross-site scripting vulnerability. A third party may insert web script or HTML through these parameters.

vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.0.4 is vulnerable; other versions may also be affected.

There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4. NOTE: The query_string vector has been covered by CVE-2008-3101.3.

The application is vulnerable to simple Cross Site Scripting, which can be used for several issues.

Example

Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can inject JavaScript with:

http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script>
http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script>
http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script>

Workaround/Fix

vtiger CRM Security Patch for 5.0.4 [1]

Disclosure Timeline

2008-07-28 Vendor contacted
2008-07-28 Vendor fixed issue in test environment
2008-07-30 Vendor released patch
2008-07-30 Vendor dev stated they'll release a second patch within days
2008-09-01 Published advisory, no second patch from upstream yet

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright

This vulnerability was discovered by Fabian Fingerle [2] (published with help from Hanno Boeck [3]). It's licensed under the creative commons attribution license [4].

Fabian Fingerle, 2008-09-01

[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5
[2] http://www.fabian-fingerle.de
[3] http://www.hboeck.de
[4] http://creativecommons.org/licenses/by/3.0/de/


Successful exploitation of this vulnerability requires that the target user has valid user credentials.

The vulnerabilities are confirmed in version 5.0.4.

SOLUTION: Apply the vendor's official patch: http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5

PROVIDED AND/OR DISCOVERED BY: Fabian Fingerle

ORIGINAL ADVISORY: http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200809-0406",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "silentum loginsys",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hypersilence",
        "version": "1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fabian Fingerle\u203b fabian@datensalat.eu",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3101",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2008-3101",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-33226",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-3101",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-3101",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200809-021",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33226",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. vtiger CRM Contains a cross-site scripting vulnerability.Any third party, through the following parameters, Web Script or HTML May be inserted. vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nvtiger CRM 5.0.4 is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4. NOTE: The query_string vector has been covered by CVE-2008-3101.3. 
The application is vulnerable to simple Cross Site Scripting,\nwhich can be used for several isues \n\nExample\n\nAssuming vtigerCRM is installed on http://localhost/vtigercrm/, one can\ninject JavaScript with:\nhttp://localhost/vtigercrm/index.php?module=Products\u0026action=index\u0026parenttab=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\nhttp://localhost/vtigercrm/index.php?module=Users\u0026action=Authenticate\u0026user_password=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\nhttp://localhost/vtigercrm/index.php?module=Home\u0026action=UnifiedSearch\u0026query_string=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\n\nWorkaround/Fix\n\nvtiger CRM Security Patch for 5.0.4 [1]\n\nDisclosure Timeline\n\n2008-07-28 Vendor contacted\n2008-07-28 Vendor fixed issue in test environment\n2008-07-30 Vender released patch\n2008-07-30 Vendor dev statet they\u0027ll release a second patch within days\n2008-09-01 published advisory, no second patch from upstream yet\n\nCVE Information\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3101 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. Credits and copyright\n\nThis vulnerability was discovered by Fabian Fingerle [2] (published with\nhelp from Hanno Boeck [3]). It\u0027s licensed under the creative\ncommons attribution license [4]. \n\nFabian Fingerle, 2008-09-01\n\n[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5\n[2] http://www.fabian-fingerle.de\n[3] http://www.hboeck.de\n[4] http://creativecommons.org/licenses/by/3.0/de/\n\n-- \n_GPG_ 3D17 CAC8 1955 1908 65ED  5C51 FDA3 6A09 AB41 AB85\n_chaos events near stuttgart_ www.datensalat.eu\n. 
\n\nSuccessful exploitation of this vulnerability requires that the\ntarget user has valid user credentials. \n\nThe vulnerabilities are confirmed in version 5.0.4. \n\nSOLUTION:\nApply the vendor\u0027s official patch:\nhttp://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5\n\nPROVIDED AND/OR DISCOVERED BY:\nFabian Fingerle\n\nORIGINAL ADVISORY:\nhttp://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-33226",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3101",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "30951",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "31679",
        "trust": 1.9
      },
      {
        "db": "SREASON",
        "id": "4208",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2471",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "44792",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080901 MULTIPLE CROSS SITE SCRIPTING (XSS) VULNERABILITIES IN VTIGERCRM 5.0.4, CVE-2008-3101",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "31055",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "69548",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-85602",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32307",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-33226",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "69521",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "id": "VAR-200809-0406",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2024-11-23T21:56:34.765000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "vtiger CRM",
        "trust": 0.8,
        "url": "https://www.vtiger.com/crm/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.datensalat.eu/~fabian/cve/cve-2008-3101-vtigercrm.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/30951"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/31679"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/4208"
      },
      {
        "trust": 1.7,
        "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5buid%5d=128\u0026tx_abdownloads_pi1%5bcategory_uid%5d=5\u0026chash=e16be773a5"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2008/2471"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3101"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3101"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/44792"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/495885/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2008/2471"
      },
      {
        "trust": 0.4,
        "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026chash=e16be773a5"
      },
      {
        "trust": 0.3,
        "url": "http://hypersilence.net/silentum_loginsys.php"
      },
      {
        "trust": 0.3,
        "url": "msg://bugtraq/20080901112401.4a51701a@mobile.fabian.datensalat.eu"
      },
      {
        "trust": 0.3,
        "url": "www.vtiger.de"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload\u0026amp;tx_abdownloads_pi1%5buid%5d=128\u0026amp;tx_abdownloads_pi1%5bcategory_uid%5d=5\u0026amp;chash=e16be773a5"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtiger.de/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.1,
        "url": "http://www.hboeck.de"
      },
      {
        "trust": 0.1,
        "url": "https://www.datensalat.eu"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/index.php?module=home\u0026action=unifiedsearch\u0026query_string=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.fabian-fingerle.de"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3101"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by/3.0/de/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3101"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/,"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/index.php?module=products\u0026action=index\u0026parenttab=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://localhost/vtigercrm/index.php?module=users\u0026action=authenticate\u0026user_password=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/31679/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14762/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "date": "2008-09-06T00:00:00",
        "db": "BID",
        "id": "31055"
      },
      {
        "date": "2008-09-01T00:00:00",
        "db": "BID",
        "id": "30951"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "date": "2008-09-03T02:42:07",
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "date": "2008-09-03T00:17:02",
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "date": "2008-09-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "date": "2008-09-03T14:12:00",
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33226"
      },
      {
        "date": "2008-09-09T17:11:00",
        "db": "BID",
        "id": "31055"
      },
      {
        "date": "2008-09-01T00:00:00",
        "db": "BID",
        "id": "30951"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-006000"
      },
      {
        "date": "2009-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      },
      {
        "date": "2024-11-21T00:48:25.560000",
        "db": "NVD",
        "id": "CVE-2008-3101"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "31055"
      },
      {
        "db": "BID",
        "id": "30951"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM Multiple Cross-Site Scripting Vulnerabilities",
    "sources": [
      {
        "db": "BID",
        "id": "30951"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "69548"
      },
      {
        "db": "PACKETSTORM",
        "id": "69521"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200809-021"
      }
    ],
    "trust": 0.8
  }
}

