Inputs in BrowserCRM are not properly sanitized, and XSS is possible in many of the system's input fields and URL parameters.
Some fields are filtered in a basic way, so that simple scripting like "<script>alert('XSS')</script>" is not possible. However, since the filtering is not based ...