|| Security Net Advisory #D.3.9.06.a

Title  : Vtiger CRM version 4.2.4 Multiple Vulnerabilities
Impact : Cross Site Scripting, Security Bypass
Type   : Remote
Vendor :
  - Url    : http://www.vtiger.com
  - Status : Vendor was first contacted on 29.8.2006.

|| Vulnerability

1. XSS

The content of the variable 'description' in all modules is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

The content of the variable 'solution' in the module 'HelpDesk' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.

2. Privileges bypass

Any user can access administrator modules by using the URLs of the wanted modules, options, etc. There is no privileges check.

Example: If we are logged in as a non-admin user we can visit the link http://[host]/[vtiger_crm]/index.php?module=Settings&action=index and use the Settings module.

|| Contact

Author : Ivan Markovic
Site   : www.security-net.biz
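The following is an added illustration, not code from the advisory or from Vtiger CRM itself, of the two server-side controls the findings above call for: an authorization check performed at dispatch time on admin-only modules such as Settings (so typing the URL is not enough), and escaping of free-text fields such as 'description' and 'solution' before they are rendered. The names is_dispatch_allowed, render_field, ADMIN_ONLY_MODULES and the $current_user lookup are assumptions for this example.

```php
<?php
// Added example (not Vtiger's own code). Function and constant names are
// assumptions chosen for this illustration.
declare(strict_types=1);

// Modules reachable only by administrators. The advisory names 'Settings';
// extend the list with every other admin-only module of the deployment.
const ADMIN_ONLY_MODULES = ['Settings'];

/**
 * Server-side authorization decision keyed on the requested module name.
 * Hiding menu links is not a control; this check runs before any module
 * code executes, so a crafted URL is denied like any other request.
 */
function is_dispatch_allowed(array $user, string $module): bool
{
    if (in_array($module, ADMIN_ONLY_MODULES, true)) {
        return ($user['is_admin'] ?? false) === true;
    }
    return true;
}

/**
 * Escape a stored free-text value ('description', 'solution', ...) for an
 * HTML context. Encoding on output neutralises markup regardless of how
 * the value entered the database.
 */
function render_field(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Request handling: deny before dispatching to the module.
$module = (string) ($_GET['module'] ?? 'Home');
// Assumed session lookup; a non-admin user for this illustration.
$current_user = ['name' => 'alice', 'is_admin' => false];

if (!is_dispatch_allowed($current_user, $module)) {
    http_response_code(403);
    exit('Access denied');
}

// Constructed sample record value for the 'description' field, containing
// markup that would otherwise run in the viewing user's browser.
$description = "<script>alert('x')</script> Printer jammed";
echo '<td>' . render_field($description) . '</td>';
```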