CVE-2008-1129
Published 2008-03-04
CVE-2008-1129: Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg…
Priority P4 · 16 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.46% (70.3th percentile)
Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xrms | xrms_crm | — | — |
| xrms_crm | xrms | — | — |
GHSA
GHSA-9473-43qc-4q4f: Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field,
ghsa_unreviewed·2022-05-02·CVSS 4.3
CVE-2008-3664 [MEDIUM] CWE-79 GHSA-9473-43qc-4q4f: Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field,
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.
GHSA
GHSA-4cw3-r5gr-2mrh: Cross-site scripting (XSS) vulnerability in admin/users/self
ghsa_unreviewed·2022-05-01
CVE-2008-1129 [MEDIUM] CWE-79 GHSA-4cw3-r5gr-2mrh: Cross-site scripting (XSS) vulnerability in admin/users/self
Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-q7hp-2hjx-488x: Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2008-3398 [MEDIUM] CWE-79 GHSA-q7hp-2hjx-488x: Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/29177
http://securityreason.com/securityalert/3709
http://www.securityfocus.com/archive/1/488925/100/0/threaded
http://www.securityfocus.com/bid/28041
2008-03-04
Published