Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Browsercrm
  • Browsercrm

Configuration 1 [-]

OR cpe:2.3:a:browsercrm:browsercrm:*:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.604.01:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.605.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.607.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.610.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.611.01:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.612.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.614.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.615.10:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.615.11:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.616.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.617.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.619.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.620.01:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.622.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.624.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.624.01:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.624.50:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.624.60:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.624.70:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.624.80:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.624.90:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.691.01:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:4.999.20:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:5.000.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:5.000.01:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:5.001.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:5.002.00:*:*:*:*:*:*:*
cpe:2.3:a:browsercrm:browsercrm:5.100.00:*:*:*:*:*:*:*
References
Link Resource
http://osvdb.org/77728
http://osvdb.org/77729
http://osvdb.org/77730
http://osvdb.org/77731
http://osvdb.org/77732
http://secunia.com/advisories/47217 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71827
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-25T17:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-10-25T00:00:00

Link: CVE-2011-5214

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-10-25T17:55:02.750

Modified: 2017-08-29T01:30:44.727

Link: CVE-2011-5214

JSON object: View

cve-icon Redhat Information

No data.

CWE