Submission #642025: PHPGurukul Small CRM in PHP 4 Cross Site Scripting (Info)

Title: PHPGurukul Small CRM in PHP 4 Cross Site Scripting
Description: A security assessment of the *Small CRM in PHP V4.0* revealed multiple stored Cross-Site Scripting (XSS) vulnerabilities in different modules:

1. Registration Module → User Management
   - Input: /crm/registration.php (username field)
   - Trigger: /crm/admin/manage-users.php when the admin views registered users.
2. Ticket Module → Ticket Management
   - Input: /crm/create-ticket.php (ticket details field)
   - Trigger: /crm/admin/manage-tickets.php when the admin views submitted tickets.
3. Quote Module → Quote Details
   - Input: /crm/get-quote.php (quote query field)
   - Trigger: /crm/admin/quote-details.php?id=<id> when the admin views quote details.

All three issues stem from missing output encoding, enabling unauthenticated attackers to inject persistent JavaScript payloads that are executed in the context of the administrator’s browser session.
Source: ⚠️ https://github.com/YoSheep/cve/blob/main/PHPGurukul%20Small%20CRM%20in%20PHP%20V4.0%20Multiple%20Stored%20Cross-Site%20Scripting%20(XSS)%20Vulnerabilities.md
User: YoSheep (UID 88465)
Submitted: 2025. 08. 26. PM 07:53 (10 months ago)
Moderation: 2025. 09. 02. PM 02:31 (7 days later)
Status: Accepted
VulDB entry: 322181 [PHPGurukul Small CRM 4.0 /registration.php username cross site scripting]
Points: 20
