{"bulletinFamily": "exploit", "id": "EDB-ID:39998", "cvelist": [], "modified": "2016-06-21T00:00:00", "lastseen": "2016-06-21T21:13:31", "edition": 1, "sourceData": "# Exploit Title: YetiForce CRM < 3.1 - Persistant XSS Vulnerability\r\n# Exploit Author: David Silveiro \r\n# Exploit Author Github: github.com/davidsilveiro\r\n# Exploit Author Twitter: twitter.com/david_silveiro \r\n# Vendor Homepage: https://yetiforce.com/\r\n# Software Link: http://sourceforge.net/projects/yetiforce/\r\n# Date: Fixed on 20th June 2016\r\n\r\nYetiForce CRM was built on a rock-solid Vtiger foundation, but has hundreds of changes that help to accomplish even the most challenging tasks in the simplest way\r\n\r\nYetiForce is vulnerable to a stored XSS vulnerability present within a users comment section.\r\n\r\nPOC:\r\n\r\nWithin 'Companies & Accounts > Accounts' select your prefered user, and then in the 'Comments' section input;\r\n\r\n<img src=x onerror=alert('XSS');>\r\n\r\nEither refresh the current page, or navigate back to 'Accounts'\r\n", "published": "2016-06-21T00:00:00", "href": "https://www.exploit-db.com/exploits/39998/", "osvdbidlist": [], "reporter": "David Silveiro", "hash": "5cc7b9301d99a9e124992cfd8ca2d1634d71838beac23da3b52dc11019a45d30", "title": "YetiForce CRM < 3.1 - Persistent XSS", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "YetiForce CRM < 3.1 - Persistent XSS. Webapps exploit for php platform", "references": [], "cvss": {"score": 0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39998/", "enchantments": {"vulnersScore": 5.8}}

{"result": {}}