
Zurmo CRM 3.0.2 Cross Site Scripting

Posted on 24 June 2015

# Affected software: Zurmo CRM
# Type of vulnerability: Stored XSS
# URL: zurmo.com (http://demo.zurmo.com/)
# Discovered by: provensec
# Website: provensec.com
# Version: N/A
# Proof of concept
Go to the profile section (http://demo.zurmo.com/demos/stable/app/index.php/home/default), edit the "What's going on" field with an XSS payload, and post it. The JavaScript will execute.
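
For the defensive side of the issue described above, an added example (not Zurmo's code and not part of the original advisory): encode a stored status post when it is written into the page, and flag rows saved before a fix for review. The function names, the regex heuristic and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: every name here is hypothetical; this is not Zurmo's code.

/** Encode a stored status post for an HTML element body or quoted attribute. */
function render_status_text(string $stored): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the ids of stored posts that contain markup and need review. */
function find_suspect_posts(array $rows): array
{
    $suspect = [];
    foreach ($rows as $id => $text) {
        // Decode entities first so entity-encoded markup is flagged as well.
        $decoded = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        // Heuristic: a tag opener, an inline event handler, or a javascript: URL.
        if (preg_match('/<\s*\/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:/i', $decoded)) {
            $suspect[] = $id;
        }
    }
    return $suspect;
}

// Constructed sample rows standing in for stored "What's going on" posts.
$rows = [
    101 => 'Closed the Q2 deal with Acme & Co.',
    102 => '<script>alert(1)</script>',
    103 => 'Lunch at 12 <3',
];

foreach ($rows as $id => $text) {
    echo $id, ': <p class="status">', render_status_text($text), "</p>\n";
}
echo 'Needs review: ', implode(', ', find_suspect_posts($rows)), "\n";
```

Encoding at output time is what stops stored markup from executing; the scan only locates posts that were saved while the field was rendered unencoded.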

 
