Lucene search
Fabian FingerleEDB-ID:32326HistorySep 04, 2008 - 12:00 a.m.
XRms 1.99.2 - 'file_id' Cross-Site Scripting
2008-09-0400:00:00
Fabian Fingerle
www.exploit-db.com
18
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/files/some.php?file_id="><script>alert(1);</script>Related
exploitdb
exploitdb
XRms 1.99.2 - 'company_name' Cross-Site Scripting
2008-09-04 00:00:00
XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting
2008-09-04 00:00:00
XRms 1.99.2 - 'last_name' Cross-Site Scripting
2008-09-04 00:00:00
securityvulns
securityvulns
openvas
openvas
XRMS Multiple Vulnerabilities (CVE-2008-3664)
2009-03-15 00:00:00
cvelist
cvelist
CVE-2008-3664
2008-09-05 16:00:00
cve
cve
CVE-2008-3664
2008-09-05 16:08:00
prion
prion
Cross site scripting
2008-09-05 16:08:00
packetstorm
packetstorm
xrms-sqlxss.txt
2008-09-04 00:00:00
nvd
nvd
CVE-2008-3664
2008-09-05 16:08:00