Unrated severityNVD Advisory· Published Nov 26, 2005· Updated Jun 16, 2026
CVE-2005-3818
CVE-2005-3818
Description
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
12- www.hardened-php.net/advisory_232005.105.htmlnvdExploitVendor Advisory
- www.securityfocus.com/bid/15562nvdExploit
- secunia.com/advisories/17693nvdVendor Advisory
- securitytracker.com/idnvd
- www.osvdb.org/21227nvd
- www.osvdb.org/21228nvd
- www.osvdb.org/21229nvd
- www.osvdb.org/21230nvd
- www.securityfocus.com/archive/1/417730/30/0/threadednvd
- www.vupen.com/english/advisories/2005/2569nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/23362nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/23363nvd
News mentions
0No linked articles in our index yet.