XSS on XRMS - open source CRM
- From: vijayv@xxxxxxxxxxxxxx
- Date: 28 Feb 2008 17:24:00 -0000
XRMS: An open source, web-enabled, LAMP-based CRM.
Vulnerability: Confirmation messages shown after updates in XRMS are passed as clear text in the URL. A simple test injecting a script into this message exposed a cross-site scripting vulnerability.
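The pattern described above, next to two ways of closing it, as an added example that is not XRMS code and is not part of the original post. The parameter names `msg` and `msg_id`, the function names and the message table are assumptions made for illustration.

```php
<?php
// Added example, not XRMS code. "msg", "msg_id" and CONFIRMATIONS are
// hypothetical names chosen for illustration.

// Weak pattern: the confirmation text travels in the URL and is written
// into the page unchanged, so markup in the parameter becomes markup in
// the response.
function render_confirmation_unsafe(array $query): string
{
    $msg = $query['msg'] ?? '';
    return '<div class="confirm">' . $msg . '</div>';
}

// Fix 1: keep the free-text parameter, but encode it for the HTML context
// at output time.
function render_confirmation_encoded(array $query): string
{
    $msg = $query['msg'] ?? '';
    if (!is_string($msg)) {          // ?msg[]=x arrives as an array
        $msg = '';
    }
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="confirm">' . $safe . '</div>';
}

// Fix 2: pass only a short identifier in the URL and look the text up
// server-side, so no request-supplied text reaches the page at all.
const CONFIRMATIONS = [
    'saved'   => 'Record saved.',
    'deleted' => 'Record deleted.',
];

function render_confirmation_by_id(array $query): string
{
    $id = $query['msg_id'] ?? '';
    if (!is_string($id) || !array_key_exists($id, CONFIRMATIONS)) {
        return '';                   // unknown identifier: show nothing
    }
    $text = htmlspecialchars(CONFIRMATIONS[$id], ENT_QUOTES, 'UTF-8');
    return '<div class="confirm">' . $text . '</div>';
}

// Constructed sample query string values (benign markup used as a marker).
$sample = ['msg' => '<b>Contact updated</b>', 'msg_id' => 'saved'];
echo render_confirmation_unsafe($sample), "\n";   // markup passes through
echo render_confirmation_encoded($sample), "\n";  // markup shown as text
echo render_confirmation_by_id($sample), "\n";    // fixed server-side text
```

The identifier lookup is the stronger of the two fixes because it also stops the URL from being used to display arbitrary text under the application's name.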