Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-4670

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.

Security Impact Summary

CVE-2011-4670 is a security vulnerability that . Impacting 1 product from vtiger organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2011, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2011-12-02T16:55:02.420

Last Modified

2026-04-29T01:13:23.040

Status

Modified

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vtiger	vtiger_crm	≤ 5.2.1	Yes

References

http://osvdb.org/76005 Broken Link ([email protected])
http://osvdb.org/76006 Broken Link ([email protected])
http://seclists.org/fulldisclosure/2011/Oct/154 Exploit, Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/519993/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/49927 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_XSS Exploit ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/70306 Third Party Advisory, VDB Entry ([email protected])
https://www.exploit-db.com/exploits/36203/ Third Party Advisory, VDB Entry ([email protected])
https://www.exploit-db.com/exploits/36204/ Third Party Advisory, VDB Entry ([email protected])
http://osvdb.org/76005 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/76006 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2011/Oct/154 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/519993/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/49927 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_XSS Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/70306 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36203/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36204/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For vtiger's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.