VTiger CRM HTML Injection and Access Control Bypass Vulnerabilities

vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and does not effectively control access to administrative modules.

Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well.


 

Copyright 2010, SecurityFocus