var-201402-0420
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php. (1) modules\com_vtiger_workflow\savetemplate.php of return_url Parameters (2) deletetask.php Unspecified elements (3) edittask.php Unspecified elements (4) savetask.php Unspecified elements (5) saveworkflow.php Unspecified elements. Vtiger CRM is a set of customer relationship management system (CRM) based on SugarCRM developed by Vtiger in the United States. The management system provides functions such as management, collection, and analysis of customer information. A cross-site scripting vulnerability exists in Vtiger, which stems from programs that do not properly filter input submitted by users. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may cause the attacker to steal cookie-based authentication and launch other attacks. Vtiger 5.4.0 has vulnerabilities. Other versions may also be affected. [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting
I. * Information *
Name : Vtiger 5.4.0 Reflected Cross Site Scripting Software : Vtiger 5.4.0 and possibly below. Vendor Homepage : https://www.vtiger.com/ Vulnerability Type : Reflected Cross-Site Scripting Severity : Medium (3/5) Advisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories) Credits: Sojobo dev team Description: A Reflected Cross Site Scripting vulnerability was discovered during the testing of Sojobo, Static Analysis Tool.
II. * Details *
A) Reflected Cross Site Scripting in savetemplate.php, deletetask.php, edittask.php, savetask.php and saveworkflow.php [Impact: 3/5]
Follow a trace to reach the vulnerable code.
File: \modules\com_vtiger_workflow\savetemplate.php 45: vtSaveWorkflowTemplate($adb, $_REQUEST); ... 37: $returnUrl = $request['return_url']; ... 40: window.location="";
The variable 'return_url' isn't correctly validated before to be printed in the page.
A test request is: /index.php?module=com_vtiger_workflow&action=savetemplate&return_url=">alert('xss');
III. * Report Timeline *
26 October 2013 - First contact 29 October 2013 - Fix announced on the new version 10 December 2013 - Fix release with the new version
IV. * About Sojobo *
Sojobo allows you to find security vulnerabilities in your PHP web application source code before others do. By using the state of the art techniques Sojobo is able to identify the most critical vulnerabilities in your code and limit the number of false positives
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "crm",
"scope": "eq",
"trust": 2.4,
"vendor": "vtiger",
"version": "5.4.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
}
]
},
"credits": {
"_id": null,
"data": "Sojobo dev team",
"sources": [
{
"db": "BID",
"id": "64236"
},
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
}
],
"trust": 1.0
},
"cve": "CVE-2013-7326",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-7326",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-67328",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7326",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-7326",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67328",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"description": {
"_id": null,
"data": "Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\\com_vtiger_workflow\\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php. (1) modules\\com_vtiger_workflow\\savetemplate.php of return_url Parameters (2) deletetask.php Unspecified elements (3) edittask.php Unspecified elements (4) savetask.php Unspecified elements (5) saveworkflow.php Unspecified elements. Vtiger CRM is a set of customer relationship management system (CRM) based on SugarCRM developed by Vtiger in the United States. The management system provides functions such as management, collection, and analysis of customer information. \nA cross-site scripting vulnerability exists in Vtiger, which stems from programs that do not properly filter input submitted by users. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may cause the attacker to steal cookie-based authentication and launch other attacks. Vtiger 5.4.0 has vulnerabilities. Other versions may also be affected. [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting\n\n\nI. * Information *\n==================\nName : Vtiger 5.4.0 Reflected Cross Site Scripting\nSoftware : Vtiger 5.4.0 and possibly below. \nVendor Homepage : https://www.vtiger.com/\nVulnerability Type : Reflected Cross-Site Scripting\nSeverity : Medium (3/5)\nAdvisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories)\nCredits: Sojobo dev team\nDescription: A Reflected Cross Site Scripting vulnerability was discovered during the testing of Sojobo, Static Analysis Tool. \n\n\nII. * Details *\n===============\nA) Reflected Cross Site Scripting in savetemplate.php, deletetask.php, edittask.php, savetask.php and saveworkflow.php [Impact: 3/5]\n\n\nFollow a trace to reach the vulnerable code. \n\n\nFile: \\modules\\com_vtiger_workflow\\savetemplate.php\n45: vtSaveWorkflowTemplate($adb, $_REQUEST);\n... \n37: $returnUrl = $request[\u0027return_url\u0027];\n... \n40: window.location=\"\u003c?php echo $returnUrl?\u003e\";\n\n\nThe variable \u0027return_url\u0027 isn\u0027t correctly validated before to be printed in the page. \n\n\nA test request is: /index.php?module=com_vtiger_workflow\u0026action=savetemplate\u0026return_url=\"\u003e\u003cscript\u003ealert(\u0027xss\u0027);\u003c/script\u003e\n\n\nIII. * Report Timeline *\n========================\n\n\n26 October 2013 - First contact\n29 October 2013 - Fix announced on the new version\n10 December 2013 - Fix release with the new version\n\n\nIV. * About Sojobo *\n====================\nSojobo allows you to find security vulnerabilities in your PHP web application source code before others do. \nBy using the state of the art techniques Sojobo is able to identify the most critical vulnerabilities in your code \nand limit the number of false positives",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7326"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "BID",
"id": "64236"
},
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "PACKETSTORM",
"id": "124402"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2013-7326",
"trust": 2.8
},
{
"db": "BID",
"id": "64236",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "124402",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "100897",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258",
"trust": 0.6
},
{
"db": "XF",
"id": "89662",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20131211 [SOJOBO-ADV-13-05] - VTIGER 5.4.0 REFLECTED CROSS SITE SCRIPTING",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-67328",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "BID",
"id": "64236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"id": "VAR-201402-0420",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
}
],
"trust": 0.62916664
},
"last_update_date": "2024-11-23T22:02:13.868000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://www.enkomio.com/advisory/sojobo-adv-13-05"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/64236"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/124402"
},
{
"trust": 1.7,
"url": "http://osvdb.org/100897"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89662"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7326"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7326"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/89662"
},
{
"trust": 0.3,
"url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%205.1.0/"
},
{
"trust": 0.1,
"url": "http://www.enkomio.com/advisories)"
},
{
"trust": 0.1,
"url": "https://www.vtiger.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "BID",
"id": "64236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-67328",
"ident": null
},
{
"db": "BID",
"id": "64236",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "124402",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2013-7326",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-67328",
"ident": null
},
{
"date": "2013-12-11T00:00:00",
"db": "BID",
"id": "64236",
"ident": null
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006053",
"ident": null
},
{
"date": "2013-12-12T04:41:27",
"db": "PACKETSTORM",
"id": "124402",
"ident": null
},
{
"date": "2013-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-258",
"ident": null
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-213",
"ident": null
},
{
"date": "2014-02-14T19:55:26.717000",
"db": "NVD",
"id": "CVE-2013-7326",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-67328",
"ident": null
},
{
"date": "2014-02-18T15:27:00",
"db": "BID",
"id": "64236",
"ident": null
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006053",
"ident": null
},
{
"date": "2013-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-258",
"ident": null
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-213",
"ident": null
},
{
"date": "2024-11-21T02:00:45.227000",
"db": "NVD",
"id": "CVE-2013-7326",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
}
],
"trust": 1.2
},
"title": {
"_id": null,
"data": "vTiger CRM Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
}
],
"trust": 1.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…