1. OVERVIEW
The vtiger CRM 5.2.1 and lower versions are vulnerable to Cross Site Scripting. No fixed version has been released as of 2011-10-04.
2. BACKGROUND
vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and medium businesses, with low-cost product support available to production users that need reliable support. vtiger CRM is a widely used product with thousands of users in dozens of countries. It has a vibrant community of users driving the product forward, and contributing to it’s development. Over 2 million copies of vtiger CRM have been downloaded so far. It was launched as a fork of version 1.0 of the SugarCRM project launched on December 31st, 2004.
3. VULNERABILITY DESCRIPTION
Multiple parameters were not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim’s browser.
4. VERSIONS AFFECTED
Tested on 5.2.1
Etiquetes: 
Catégories : 
