CVE-2020-19362 - OpenCVE

Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vtiger	Vtiger Crm

Configuration 1 [-]

cpe:2.3:a:vtiger:vtiger_crm:7.2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://emreovunc.com/blog/en/vtiger_crm_xss_03.png
https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-01-20T00:42:56

Updated: 2024-08-04T14:08:30.667Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-19362

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-20T01:15:13.333

Modified: 2021-01-22T20:40:36.050

Link: CVE-2020-19362

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-20T00:42:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/"}, {"tags": ["x_refsource_MISC"], "url": "https://emreovunc.com/blog/en/vtiger_crm_xss_03.png"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-19362", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/", "refsource": "MISC", "url": "https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/"}, {"name": "https://emreovunc.com/blog/en/vtiger_crm_xss_03.png", "refsource": "MISC", "url": "https://emreovunc.com/blog/en/vtiger_crm_xss_03.png"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T14:08:30.667Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://emreovunc.com/blog/en/vtiger_crm_xss_03.png"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-19362", "datePublished": "2021-01-20T00:42:56", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:08:30.667Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vtiger:vtiger_crm:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "67080A37-5696-44F6-ABEC-8F1F6D646E95", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page."}, {"lang": "es", "value": "Una vulnerabilidad de tipo XSS reflejado en Vtiger CRM versi\u00f3n v7.2.0, en el archivo vtigercrm/index.php? mediante el par\u00e1metro view puede resultar en que un atacante lleve a cabo acciones maliciosas para usuarios que abren un v\u00ednculo dise\u00f1ado malicioso o una p\u00e1gina web de terceros"}], "id": "CVE-2020-19362", "lastModified": "2021-01-22T20:40:36.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-20T01:15:13.333", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://emreovunc.com/blog/en/vtiger_crm_xss_03.png"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}