Xrms Crm Security Vulnerabilities and Issues — Xrms Crm CVE List

Lucene search

XrmsXrms Crm

5 matches found

CVE•added 2008/09/05 4:8 p.m.•43 views

CVE-2008-3664

Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to c...

4.3CVSS5.8AI score0.00346EPSS

CVE•added 2008/07/31 4:41 p.m.•33 views

CVE-2008-3400

XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.

4.3CVSS6.3AI score0.02664EPSS

CVE•added 2008/09/05 4:8 p.m.•33 views

CVE-2008-3948

SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.

7.5CVSS8.4AI score0.00403EPSS

CVE•added 2008/07/31 4:41 p.m.•29 views

CVE-2008-3398

Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.

2.6CVSS5.8AI score0.03788EPSS

CVE•added 2008/07/31 4:41 p.m.•26 views

CVE-2008-3399

PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.

6.8CVSS7.6AI score0.00941EPSS