CVE-2011-5214

Published: Oct 25, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.

Affected (29)

Products: Browsercrm: Browsercrm

Browsercrm

1 product

Browsercrm

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Browsercrm Browsercrm	Up to 5.100.01
Browsercrm Browsercrm	Version 4.604.01
Browsercrm Browsercrm	Version 4.605.00
Browsercrm Browsercrm	Version 4.607.00
Browsercrm Browsercrm	Version 4.610.00
Browsercrm Browsercrm	Version 4.611.01
Browsercrm Browsercrm	Version 4.612.00
Browsercrm Browsercrm	Version 4.614.00
Browsercrm Browsercrm	Version 4.615.10
Browsercrm Browsercrm	Version 4.615.11
Browsercrm Browsercrm	Version 4.616.00
Browsercrm Browsercrm	Version 4.617.00
Browsercrm Browsercrm	Version 4.619.00
Browsercrm Browsercrm	Version 4.620.01
Browsercrm Browsercrm	Version 4.622.00
Browsercrm Browsercrm	Version 4.624.00
Browsercrm Browsercrm	Version 4.624.01
Browsercrm Browsercrm	Version 4.624.50
Browsercrm Browsercrm	Version 4.624.60
Browsercrm Browsercrm	Version 4.624.70
Browsercrm Browsercrm	Version 4.624.80
Browsercrm Browsercrm	Version 4.624.90
Browsercrm Browsercrm	Version 4.691.01
Browsercrm Browsercrm	Version 4.999.20
Browsercrm Browsercrm	Version 5.000.00
Browsercrm Browsercrm	Version 5.000.01
Browsercrm Browsercrm	Version 5.001.00
Browsercrm Browsercrm	Version 5.002.00
Browsercrm Browsercrm	Version 5.100.00