CVE-2011-5214
25.10.2012, 17:55
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
| Vendor | Product | Version |
|---|---|---|
| browsercrm | browsercrm | 𝑥 ≤ 5.100.01 |
| browsercrm | browsercrm | 4.604.01 |
| browsercrm | browsercrm | 4.605.00 |
| browsercrm | browsercrm | 4.607.00 |
| browsercrm | browsercrm | 4.610.00 |
| browsercrm | browsercrm | 4.611.01 |
| browsercrm | browsercrm | 4.612.00 |
| browsercrm | browsercrm | 4.614.00 |
| browsercrm | browsercrm | 4.615.10 |
| browsercrm | browsercrm | 4.615.11 |
| browsercrm | browsercrm | 4.616.00 |
| browsercrm | browsercrm | 4.617.00 |
| browsercrm | browsercrm | 4.619.00 |
| browsercrm | browsercrm | 4.620.01 |
| browsercrm | browsercrm | 4.622.00 |
| browsercrm | browsercrm | 4.624.00 |
| browsercrm | browsercrm | 4.624.01 |
| browsercrm | browsercrm | 4.624.50 |
| browsercrm | browsercrm | 4.624.60 |
| browsercrm | browsercrm | 4.624.70 |
| browsercrm | browsercrm | 4.624.80 |
| browsercrm | browsercrm | 4.624.90 |
| browsercrm | browsercrm | 4.691.01 |
| browsercrm | browsercrm | 4.999.20 |
| browsercrm | browsercrm | 5.000.00 |
| browsercrm | browsercrm | 5.000.01 |
| browsercrm | browsercrm | 5.001.00 |
| browsercrm | browsercrm | 5.002.00 |
| browsercrm | browsercrm | 5.100.00 |
𝑥
= Vulnerable software versions
References