|
Description
|
|
Multiple vulnerabilities have been identified in vtiger CRM, which could be exploited by attackers to execute arbitrary scripting code or bypass security restrictions.
The first issue is due to missing access control restrictions in certain sections, which could be exploited by malicious users to gain access to restricted administrative functionalities (e.g. the "settings" module).
The second flaw is due to input validation errors in various modules that do not validate the "description" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
The third vulnerability is due to an input validation error in the "HelpDesk" module that does not validate the "solution" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
|
