PerfectView CRM Cross Site Scripting

Type packetstorm
Reporter Juan Sacco
Modified 2014-07-08T00:00:00


# Affected software: PerfectView CRM
# Description: PerfectView CRM is software for relationship management, marketing and sales
# Type of vulnerability: XSS Persistent
# URL:
# Discovered by: Provensec
# Website:
# Description: PerfectView is prone to a persistent cross-site scripting vulnerability that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.
# Proof of concept
# 1. Create a Conversation report as a normal user inside "To Do".
# 2. Select the new conversation.
# 3. Add a note with the following value: "><script>alert('XSS by
# 5. Save the conversation and use the functionality in the To Do menu to forward it to a colleague.
# Screenshot attached
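The defect the advisory describes is a stored note value being concatenated into markup without output encoding; the payload's leading `">` closes the attribute it lands in and opens a new tag. The example below is added here and is not code from the advisory or from PerfectView: `renderNoteUnsafe`, `renderNoteSafe`, `escapeHtml`, `containsScriptTag` and the sample note are all hypothetical names and constructed data, showing the vulnerable rendering beside its context-escaped form and a regression check a defender can keep in a test suite.

```javascript
// Added example (not from the advisory): rendering a CRM "note" into HTML.
// The advisory's payload shape is "><script>...: the leading quote and
// angle bracket break out of a double-quoted attribute, so the fix is
// HTML-escaping the value for the context it is written into.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Escape a value for HTML text content or a double-quoted attribute value.
// '&' must be escaped too, otherwise entities in the input are double-decoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering (hypothetical): the note is pasted straight into the
// markup, both inside an attribute and as text, so the stored value becomes
// markup for every colleague the conversation is forwarded to.
function renderNoteUnsafe(note) {
  return `<input type="text" value="${note}"><p>${note}</p>`;
}

// Hardened rendering: the same template, with the untrusted value escaped.
function renderNoteSafe(note) {
  const safe = escapeHtml(note);
  return `<input type="text" value="${safe}"><p>${safe}</p>`;
}

// Regression check: the template contains no <script> tag of its own, so
// finding one in the rendered fragment means a note value became markup.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample note with the same breakout shape as the advisory's
// payload (this is not the advisory's truncated string).
const SAMPLE_NOTE = `"><script>alert('constructed sample')</script>`;
```

`containsScriptTag(renderNoteUnsafe(SAMPLE_NOTE))` is true and `containsScriptTag(renderNoteSafe(SAMPLE_NOTE))` is false; the escaped output shows the note as literal text in the `<p>` and keeps the `value` attribute intact.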