CVE-2006-4587
Published Sep 6, 2006
Last updated 14 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8B3F151-0398-42C7-B194-FF528696D1E7"
},
{
"criteria": "cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57840915-C75E-4D62-A017-E60DD1396D34"
}
],
"operator": "OR"
}
]
}
]