Lucene search

CVE-2018-16654

🗓️ 07 Sep 2018 05:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 30 Views🌐 WEB

Zurmo 3.2.4 XSS vulnerability in details page

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 3
NVD	CVE-2018-16654	7 Sep 201805:29	–	nvd
Cvelist	CVE-2018-16654	7 Sep 201805:00	–	cvelist
Prion	Design/Logic Flaw	7 Sep 201805:29	–	prion

Nvd

Node

zurmo zurmo_crmMatch3.2.4

Source	Link
bitbucket	www.bitbucket.org/zurmo/zurmo/issues/441

Parameter	Position	Path	Description	CWE
id	query param	/app/index.php/accounts/default/details	XSS vulnerability in Zurmo allows attackers to inject malicious scripts via query parameters.	CWE-79
kanbanBoard	query param	/app/index.php/accounts/default/details	XSS vulnerability in Zurmo allows attackers to inject malicious scripts via query parameters.	CWE-79
openToTaskId	query param	/app/index.php/accounts/default/details	XSS vulnerability in Zurmo allows attackers to inject malicious scripts via query parameters.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Sep 2018 05:29Current

5.9Medium risk

Vulners AI Score5.9

CVSS24.3

CVSS36.1

EPSS0.0024

CWE-79