Submission #642025: PHPGurukul Small CRM in PHP 4 Cross Site Scripting

Information

Title: PHPGurukul Small CRM in PHP 4 Cross Site Scripting

Description: A security assessment of the *Small CRM in PHP V4.0* revealed multiple stored Cross-Site Scripting (XSS) vulnerabilities in different modules:

1. Registration Module → User Management
   - Input: /crm/registration.php (username field)
   - Trigger: /crm/admin/manage-users.php when the admin views registered users.
2. Ticket Module → Ticket Management
   - Input: /crm/create-ticket.php (ticket details field)
   - Trigger: /crm/admin/manage-tickets.php when the admin views submitted tickets.
3. Quote Module → Quote Details
   - Input: /crm/get-quote.php (quote query field)
   - Trigger: /crm/admin/quote-details.php?id=<id> when the admin views quote details.

All three issues stem from missing output encoding, enabling unauthenticated attackers to inject persistent JavaScript payloads that are executed in the context of the administrator’s browser session.
Source: https://github.com/YoSheep/cve/blob/main/PHPGurukul%20Small%20CRM%20in%20PHP%20V4.0%20Multiple%20Stored%20Cross-Site%20Scripting%20(XSS)%20Vulnerabilities.md
User: YoSheep (UID 88465)
Submission: 26/08/2025 07:53 PM (10 months ago)
Moderation: 02/09/2025 02:31 PM (7 days later)
Status: Accepted
VulDB entry: 322181 [PHPGurukul Small CRM 4.0 /registration.php Username cross site scripting]
Points: 20
