Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 index.php, 2 modules/admin/adminmoduleindex.php, or 3 modules/calendar/customisecalendartimes.php; login parameter to 4 index.ph...