Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-3664

Published: 05/09/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 475
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Xrms Crm

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote malicious users to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.

Vulnerable Product Search on Vulmon Subscribe to Product

xrms xrms crm

Exploits

Exploit DB: xrms-sqlxss.txt
XRMS suffers from multiple cross site scripting and SQL injection vulnerabilities ...
Exploit DB: XRms 1.99.2 - 'starting' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Ex ...
Exploit DB: XRms 1.99.2 - 'file_id' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Expl ...
Exploit DB: XRms 1.99.2 - 'company_name' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Exploiting the ...
Exploit DB: XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Exploiti ...
Exploit DB: XRms 1.99.2 - 'title' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Exploiting these ...
Exploit DB: XRms 1.99.2 - 'login.php?target' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Exploiting these i ...
Exploit DB: XRms 1.99.2 - 'last_name' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Exploiting t ...
Exploit DB: XRms 1.99.2 - 'case_title' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Exploi ...
Exploit DB: XRms 1.99.2 - 'campaign_title' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data Exploiting ...

References

CWE-79http://www.securityfocus.com/bid/31008http://securityreason.com/securityalert/4229https://exchange.xforce.ibmcloud.com/vulnerabilities/45142http://www.securityfocus.com/archive/1/495981/100/0/threadedhttps://nvd.nist.govhttps://packetstormsecurity.com/files/69620/xrms-sqlxss.txt.htmlhttps://www.exploit-db.com/exploits/32327/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook