CVE-2011-5145

Multiple SQL injection vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 seldomainid or 2 action parameter to obm.php; 3 tfuser parameter in a search action to group/groupindex.php; 4...

CVE-2011-5142

Multiple cross-site scripting XSS vulnerabilities in Open Business Management OBM 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the 1 tfdelegation, 2 tfip, or 3 tfname parameter in a search action to host/hostindex.php; 4 login parameter to...