CVE-2011-5214

EPSS 4.8%

Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.

Affected products

n/a · n/a

public PoCs found — 4

exploitdbwww.exploit-db.com/exploits/36453unverified exploitdbwww.exploit-db.com/exploits/36451unverified exploitdbwww.exploit-db.com/exploits/36454unverified exploitdbwww.exploit-db.com/exploits/36450unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/77728 http://osvdb.org/77729 http://osvdb.org/77730 http://osvdb.org/77731 http://osvdb.org/77732 http://secunia.com/advisories/47217 https://exchange.xforce.ibmcloud.com/vulnerabilities/71827 https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html