Vulnerabilities for 'Zurmo crm'

2018-09-07
 
CVE-2018-16654

CWE-79
 

 
Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1.

 
2017-12-31
 
CVE-2017-18004

CWE-79
 

 
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.

 
2017-11-06
 
CVE-2017-16569

CWE-601
 

 
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

 
 
CVE-2017-15039

CWE-79
 

 
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

 
2017-04-14
 
CVE-2017-7188

 

 
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.

 
2015-07-02
 
CVE-2015-5365

 

 
Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.

 


Copyright 2018, cxsecurity.com

 
