CVE-2011-5214

Exp

Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.

Published: 2012-10-25 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2011-5214 is rated High Exploit Risk (62.1/100): CVSS Medium severity, with high exploitation likelihood (EPSS 4.85%, 91th percentile). 5 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2011-5214

EDB-ID Source Kind Published Link
36450 exploit_db edb 2011-12-14 Exploit-DB ↗
36454 exploit_db edb 2011-12-14 Exploit-DB ↗
36451 exploit_db edb 2011-12-14 Exploit-DB ↗
36453 exploit_db edb 2011-12-14 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2011-5214

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 6.77% 4.85% -1.92%
2 2026-03-26 8.08% 6.77% -1.31%
3 2026-03-02 8.08%

Full EPSS history (15 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2011-5214

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2011-5214

Affected software / configurations for CVE-2011-5214

Vendor Product Version Raw CPE
browsercrm browsercrm <= 5.100.01 cpe:2.3:a:browsercrm:browsercrm:*:*:*:*:*:*:*:*
browsercrm browsercrm 4.604.01 cpe:2.3:a:browsercrm:browsercrm:4.604.01:*:*:*:*:*:*:*
browsercrm browsercrm 4.605.00 cpe:2.3:a:browsercrm:browsercrm:4.605.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.607.00 cpe:2.3:a:browsercrm:browsercrm:4.607.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.610.00 cpe:2.3:a:browsercrm:browsercrm:4.610.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.611.01 cpe:2.3:a:browsercrm:browsercrm:4.611.01:*:*:*:*:*:*:*
browsercrm browsercrm 4.612.00 cpe:2.3:a:browsercrm:browsercrm:4.612.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.614.00 cpe:2.3:a:browsercrm:browsercrm:4.614.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.615.10 cpe:2.3:a:browsercrm:browsercrm:4.615.10:*:*:*:*:*:*:*
browsercrm browsercrm 4.615.11 cpe:2.3:a:browsercrm:browsercrm:4.615.11:*:*:*:*:*:*:*
browsercrm browsercrm 4.616.00 cpe:2.3:a:browsercrm:browsercrm:4.616.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.617.00 cpe:2.3:a:browsercrm:browsercrm:4.617.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.619.00 cpe:2.3:a:browsercrm:browsercrm:4.619.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.620.01 cpe:2.3:a:browsercrm:browsercrm:4.620.01:*:*:*:*:*:*:*
browsercrm browsercrm 4.622.00 cpe:2.3:a:browsercrm:browsercrm:4.622.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.624.00 cpe:2.3:a:browsercrm:browsercrm:4.624.00:*:*:*:*:*:*:*
browsercrm browsercrm 4.624.01 cpe:2.3:a:browsercrm:browsercrm:4.624.01:*:*:*:*:*:*:*
browsercrm browsercrm 4.624.50 cpe:2.3:a:browsercrm:browsercrm:4.624.50:*:*:*:*:*:*:*
browsercrm browsercrm 4.624.60 cpe:2.3:a:browsercrm:browsercrm:4.624.60:*:*:*:*:*:*:*
browsercrm browsercrm 4.624.70 cpe:2.3:a:browsercrm:browsercrm:4.624.70:*:*:*:*:*:*:*
browsercrm browsercrm 4.624.80 cpe:2.3:a:browsercrm:browsercrm:4.624.80:*:*:*:*:*:*:*
browsercrm browsercrm 4.624.90 cpe:2.3:a:browsercrm:browsercrm:4.624.90:*:*:*:*:*:*:*
browsercrm browsercrm 4.691.01 cpe:2.3:a:browsercrm:browsercrm:4.691.01:*:*:*:*:*:*:*
browsercrm browsercrm 4.999.20 cpe:2.3:a:browsercrm:browsercrm:4.999.20:*:*:*:*:*:*:*
browsercrm browsercrm 5.000.00 cpe:2.3:a:browsercrm:browsercrm:5.000.00:*:*:*:*:*:*:*
browsercrm browsercrm 5.000.01 cpe:2.3:a:browsercrm:browsercrm:5.000.01:*:*:*:*:*:*:*
browsercrm browsercrm 5.001.00 cpe:2.3:a:browsercrm:browsercrm:5.001.00:*:*:*:*:*:*:*
browsercrm browsercrm 5.002.00 cpe:2.3:a:browsercrm:browsercrm:5.002.00:*:*:*:*:*:*:*
browsercrm browsercrm 5.100.00 cpe:2.3:a:browsercrm:browsercrm:5.100.00:*:*:*:*:*:*:*

References for CVE-2011-5214

cvelogic Threat Intelligence