Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
BrowserCRM vulnerable for XSS
Jan 31 2006 12:03AM
preben watchcom no
Inputs in the BrowserCRM is not properly sanitized, and XSS is possible in a lot of the systems input fields and url parameters.
Some fields have been filtered in a basic form, so that simple scripting like "<script>alert('XSS')</script>" is not possible. Howevere, since the filtering is not based ...
[ more ]
Copyright 2010, SecurityFocus