CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3821
https://notcve.org/view.php?id=CVE-2005-3821
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015274 http://www.osvdb.org/21232 http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 4CVE-2005-3818 – vTiger CRM 4.2 Leads Module - 'record' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-3818
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. • https://www.exploit-db.com/exploits/26584 https://www.exploit-db.com/exploits/26585 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015271 http://www.hardened-php.net/advisory_232005.105.html http://www.osvdb.org/21227 http://www.osvdb.org/21228 http://www.osvdb.org/21229 http://www.osvdb.org/21230 http://www.securityfocus.com/archive/1/417730/30/0/threaded http://www.securityfocus.com/bid/15562 http://www.vupen.com/english/advisories/ •
CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2005-3820
https://notcve.org/view.php?id=CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015271 http://securitytracker.com/id?1015274 http://www.hardened-php.net/advisory_232005.105.html http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/archive/1/417730/30/0/threaded http://www.securityfocus.com/bid/15562 http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •