Multiple vulnerabilities in Browser CRM

Vulnerability ID: HTB23059 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbrowsercrm.html Product: Browser CRM Vendor: BrowserCRM Limited http://www.browsercrm.com Vulnerable Version: 5.100.01 and probably prior Tested Version: 5.100.01 Vendor Notification: 23 November 2011...

Browser CRM 5.100.01 Cross Site Scripting / SQL Injection

Vulnerability ID: HTB23059 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbrowsercrm.html Product: Browser CRM Vendor: BrowserCRM Limited http://www.browsercrm.com Vulnerable Version: 5.100.01 and probably prior Tested Version: 5.100.01 Vendor Notification: 23 November 2011...

BrowserCRM 5.100.1 - URI Cross-Site Scripting

BrowserCRM 5.100.1 - URI Cross-Site Scripting source: https://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...

BrowserCRM 5.100.1 licence/view.php framed Parameter XSS

BrowserCRM 5.100.1 licence/view.php framed Parameter XSS. CVE-2011-5214 . Webapps exploit for php platform source: http://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to...

BrowserCRM 5.100.1 - URI Cross-Site Scripting

source: https://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal...

BrowserCRM 5.100.1 - 'framed' Cross-Site Scripting

source: https://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal...

BrowserCRM 5.100.1 - contact_id SQL Injection

BrowserCRM 5.100.1 - contactid SQL Injection source: https://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...

BrowserCRM 5.100.1 - 'parent_id' SQL Injection

source: https://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal...

BrowserCRM 5.100.1 - login[] Cross-Site Scripting

BrowserCRM 5.100.1 - login Cross-Site Scripting source: https://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...

Multiple vulnerabilities in Browser CRM

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Browser CRM, which can be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-Site Scripting in Browser CRM 1.1 Input appended to the URL after multiple files is not properly sanitised...