ConcourseSuite Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

ConcourseSuite Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

An attacker must trick an unsuspecting victim into following a malicious URI to exploit these issues.

The following example URIs are available:

http://www.example.com/crm/Sales.do?nameFirst&nameLast
http://www.example.com/crm/ExternalContacts.do?nameFirst&nameLast&company
http://www.example.com/crm/Accounts.do?name
http://www.example.com/crm/MyCFSProfile.do?address1state