CVE-2008-3664
published 2008-09-05CVE-2008-3664: Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.49%
70.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
XRms 1.99.2 - 'case_title' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'case_title' Cross-Site Scripting
XRms 1.99.2 - 'case_title' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/cases/some.php?case_title=">alert(1);
Exploit-DB
XRms 1.99.2 - 'login.php?target' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'login.php?target' Cross-Site Scripting
XRms 1.99.2 - 'login.php?target' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/login.php?target=">alert(1);
Exploit-DB
XRms 1.99.2 - 'starting' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'starting' Cross-Site Scripting
XRms 1.99.2 - 'starting' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/reports/custom/mileage.php?starting=">alert(1);
Exploit-DB
XRms 1.99.2 - 'title' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'title' Cross-Site Scripting
XRms 1.99.2 - 'title' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/activities/some.php?title=">alert(1);
Exploit-DB
XRms 1.99.2 - 'file_id' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'file_id' Cross-Site Scripting
XRms 1.99.2 - 'file_id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/files/some.php?file_id=">alert(1);
Exploit-DB
XRms 1.99.2 - 'last_name' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'last_name' Cross-Site Scripting
XRms 1.99.2 - 'last_name' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/contacts/some.php?last_name=">alert(1);
Exploit-DB
XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting
XRms 1.99.2 - 'opportunity_title' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/opportunities/some.php?opportunity_title=">alert(1);
Exploit-DB
XRms 1.99.2 - 'company_name' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'company_name' Cross-Site Scripting
XRms 1.99.2 - 'company_name' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/companies/some.php?company_name=">alert(1);
Exploit-DB
XRms 1.99.2 - 'campaign_title' Cross-Site Scripting
exploitdb·2008-09-04
CVE-2008-3664 XRms 1.99.2 - 'campaign_title' Cross-Site Scripting
XRms 1.99.2 - 'campaign_title' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/31008/info
XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/xrms/campaigns/some.php?campaign_title=">alert(1);
No writeups or analysis indexed.
http://securityreason.com/securityalert/4229http://www.securityfocus.com/archive/1/495981/100/0/threadedhttp://www.securityfocus.com/bid/31008https://exchange.xforce.ibmcloud.com/vulnerabilities/45142http://securityreason.com/securityalert/4229http://www.securityfocus.com/archive/1/495981/100/0/threadedhttp://www.securityfocus.com/bid/31008https://exchange.xforce.ibmcloud.com/vulnerabilities/45142
2008-09-05
Published