Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
vtiger CRM多个跨站脚本攻击漏洞
Vulnerability Description
vtiger CRM 是基于web的开源客户关系管理系统。 vtiger CRM 5.2.1之前版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助对index.php文件的Users Login操作中的(1)username(又名default_user_name)字段,或者(2)password字段,或者(3)对index.php文件的GetFieldInfo操作中的label参数注入任意web脚本或者HTML。
CVSS Information
N/A
Vulnerability Type
N/A