XSS on XRMS- open source CRM



XRMS: An open source web enabled LAMP based CRM.
Vulnerability: Confirmation messages upon updates in XRMS are clear text passed across in the URL. Simple test of injection of a script resulted in exposing cross site scripting vulnerability.



Relevant Pages