Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XRMS CRM 用户列表跨站攻击漏洞
Vulnerability Description
XRMS CRM 是一个用PHP 开发的开源客户关系管理系统和销售团队自动化管理工具。 XRMS存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)与用户列表相关的真实名字段,(2)到login.php的对象参数,(3)到activities/some.php的标题参数,(4)到companies/some.php的company_name参数, (5)到contacts/some.php的last_name参数, (6)到campaigns/some.php的campaign_title参数,(7)到op
CVSS Information
N/A
Vulnerability Type
N/A