bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/33953.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

23 lines
No EOL
893 B
Text
Raw Blame History

# Affected software: Zurmo CRM
# Zurmo is an Open Source Customer Relationship Management (CRM)
application that is
# mobile, social, and gamified. We use a test-driven methodology for
building every part of the # application.
# Type of vulnerability: XSS Stored
# URL: zurmo.com
#
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: ZumoCRM is prone to a Persistent Cross Site Scripting attack
that allows a malicious user to inject HTML or scripts that can access any
cookies, session tokens, or other
sensitive information retained by your browser and used with that site.
# Proof of concept
# 1. Create a report as a Normal user
# 2. Select module: Accounts
# 3. Select filter: Name
# 4. Select column Employees and as a value use: "><script>alert('XSS by
Provensec')</script>
# 5. Save the report and share it with other users to distribute your
malicious code.
Reference in a new issue View git blame Copy permalink