CVE-2011-5214 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Browsercrm	Browsercrm

Configuration 1 [-]

OR	cpe:2.3:a:browsercrm:browsercrm::::::::
	cpe:2.3:a:browsercrm:browsercrm:4.604.01:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.605.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.607.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.610.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.611.01:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.612.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.614.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.615.10:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.615.11:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.616.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.617.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.619.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.620.01:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.622.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.624.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.624.01:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.624.50:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.624.60:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.624.70:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.624.80:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.624.90:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.691.01:::::::*
	cpe:2.3:a:browsercrm:browsercrm:4.999.20:::::::*
	cpe:2.3:a:browsercrm:browsercrm:5.000.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:5.000.01:::::::*
	cpe:2.3:a:browsercrm:browsercrm:5.001.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:5.002.00:::::::*
	cpe:2.3:a:browsercrm:browsercrm:5.100.00:::::::*

No data.

References

Link	Providers
http://osvdb.org/77728
http://osvdb.org/77729
http://osvdb.org/77730
http://osvdb.org/77731
http://osvdb.org/77732
http://secunia.com/advisories/47217
https://exchange.xforce.ibmcloud.com/vulnerabilities/71827
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-10-25T17:00:00

Updated: 2024-08-07T00:30:46.778Z

Reserved: 2012-10-25T00:00:00

Link: CVE-2011-5214

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-10-25T17:55:02.750

Modified: 2017-08-29T01:30:44.727

Link: CVE-2011-5214

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object