vtiger.com suffers from a persistent cross-site scripting vulnerability.
# Affected software: vtiger.com
# Discovered by: Provensec
# Website: http://www.provensec.com
# Type of vulnerability: XSS Stored
# Description: Paydirt is currently integrated with Chrome and Firefox
1. Go to site.vtiger.com/index.php?module=Contacts&view=List
2. Add a new contact and fill the fields with the XSS payload "><img src=x onerror=confirm(1);>
3. Then click on the added contact in the list and click see full details
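
The payload in step 2 starts with `">` so that it closes a quoted attribute and the tag around it before the `<img>` element begins. The following is an added example, not code from this advisory or from vtiger: it renders a constructed contact record with and without output encoding and uses an HTML parser to show whether the stored value becomes an element. The function names, the field names and the markup are assumptions, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added illustration; renderer names and field names are hypothetical, not vtiger's code.

// Constructed sample record: one field holds the payload from step 2.
$contact = [
    'firstname' => '"><img src=x onerror=confirm(1);>',
    'lastname'  => 'Example',
];

// Vulnerable pattern: stored values are concatenated into the page as-is.
function renderDetailUnsafe(array $c): string
{
    return '<input type="text" name="firstname" value="' . $c['firstname'] . '">'
         . '<span class="value">' . $c['lastname'] . '</span>';
}

// Encode for HTML text and quoted-attribute contexts (both quote styles).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value is encoded at output time.
function renderDetailSafe(array $c): string
{
    return '<input type="text" name="firstname" value="' . e($c['firstname']) . '">'
         . '<span class="value">' . e($c['lastname']) . '</span>';
}

// Parse the markup with an HTML parser and count <img> elements.
// The templates above contain none, so any hit came from stored data.
function countInjectedImages(string $html): int
{
    libxml_use_internal_errors(true);   // tolerate non-strict markup
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('img')->length;
}

$views = ['unsafe' => renderDetailUnsafe($contact), 'safe' => renderDetailSafe($contact)];
foreach ($views as $name => $html) {
    printf("%-6s injected <img> elements: %d\n", $name, countInjectedImages($html));
    echo "       ", $html, "\n";
}
```

The same parser check can be run as a regression test against any view that displays contact fields, so a template that stops encoding a value fails the build.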