Unrated severityNVD Advisory· Published Nov 26, 2005· Updated Apr 16, 2026

CVE-2005-3818

Description

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

Affected products

Vtiger/Vtiger CRM
cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
Range: <=4.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.hardened-php.net/advisory_232005.105.htmlnvdExploitVendor Advisory
www.securityfocus.com/bid/15562nvdExploit
secunia.com/advisories/17693nvdVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/21227nvd
www.osvdb.org/21228nvd
www.osvdb.org/21229nvd
www.osvdb.org/21230nvd
www.securityfocus.com/archive/1/417730/30/0/threadednvd
www.vupen.com/english/advisories/2005/2569nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23362nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23363nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000