Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
browsercrm browsercrm 4.999.20 |
||
browsercrm browsercrm 4.691.01 |
||
browsercrm browsercrm 4.622.00 |
||
browsercrm browsercrm 4.620.01 |
||
browsercrm browsercrm 4.612.00 |
||
browsercrm browsercrm 4.611.01 |
||
browsercrm browsercrm |
||
browsercrm browsercrm 5.100.00 |
||
browsercrm browsercrm 4.624.90 |
||
browsercrm browsercrm 4.624.80 |
||
browsercrm browsercrm 4.619.00 |
||
browsercrm browsercrm 4.617.00 |
||
browsercrm browsercrm 4.610.00 |
||
browsercrm browsercrm 4.607.00 |
||
browsercrm browsercrm 5.002.00 |
||
browsercrm browsercrm 5.001.00 |
||
browsercrm browsercrm 4.624.70 |
||
browsercrm browsercrm 4.624.60 |
||
browsercrm browsercrm 4.616.00 |
||
browsercrm browsercrm 4.615.11 |
||
browsercrm browsercrm 4.605.00 |
||
browsercrm browsercrm 4.604.01 |
||
browsercrm browsercrm 5.000.01 |
||
browsercrm browsercrm 5.000.00 |
||
browsercrm browsercrm 4.624.50 |
||
browsercrm browsercrm 4.624.01 |
||
browsercrm browsercrm 4.624.00 |
||
browsercrm browsercrm 4.615.10 |
||
browsercrm browsercrm 4.614.00 |
Vulmon