Unrated severityNVD Advisory· Published Sep 3, 2008· Updated Apr 23, 2026

CVE-2008-3101

Description

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php.

Affected products

Vtiger/Vtiger CRM
cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/31679nvdPatchVendor Advisory
www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.htmlnvdExploit
www.securityfocus.com/bid/30951nvdExploitPatch
securityreason.com/securityalert/4208nvd
www.securityfocus.com/archive/1/495885/100/0/threadednvd
www.vtiger.de/vtiger-crm/downloads/patches.htmlnvd
www.vupen.com/english/advisories/2008/2471nvd
exchange.xforce.ibmcloud.com/vulnerabilities/44792nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000