XSS on XRMS- open source CRM

From: vijayv@xxxxxxxxxxxxxx
Date: 28 Feb 2008 17:24:00 -0000

XRMS: An open source web enabled LAMP based CRM.
Vulnerability: Confirmation messages upon updates in XRMS are clear text passed across in the URL. Simple test of injection of a script resulted in exposing cross site scripting vulnerability.

Prev by Date: RE: Buffer-overflow in the passwords handling of Trend Micro OfficeScan 8.0 and possibly other products
Next by Date: rPSA-2008-0084-1 lighttpd
Previous by thread: PR07-41: XSS on Juniper Networks Secure Access 2000
Next by thread: rPSA-2008-0084-1 lighttpd
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] [SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities
... Vulnerability: several ... Debian Bug: 572439 ... Installation cross site scripting ... Locale module cross site scripting ...
(Full-Disclosure)
[SECURITY] [DSA 2016-1] New drupal6 packages fix several vulnerabilities
... Vulnerability: several ... Debian Bug: 572439 ... Installation cross site scripting ... Locale module cross site scripting ...
(Bugtraq)
[Full-disclosure] [CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities
... Multiple XSS in Apache OFBiz ... *Vulnerability Information* ... A Reflected Cross Site Scripting vulnerability was found in the ...
(Full-Disclosure)
[CVE-2010-0432] Apache OFBiz Multiple XSS Vulnerabilities
... Bonsai Information Security - Advisory ... Multiple XSS in Apache OFBiz ... *Vulnerability Information* ... A Reflected Cross Site Scripting vulnerability was found in the ...
(Bugtraq)
[Full-Disclosure] [SCSA-020] Multiple vulnerabilities in AttilaPHP
... Multiple vulnerabilities in AttilaPHP ... IMPACT: Cross Site Scripting ... This kind of attack known as "Cross-Site Scripting Vulnerability" ... You can fix the path disclosure problem by adding this code in ...
(Full-Disclosure)