| tiêu đề | PHPGurukul Small CRM in PHP 4 Cross Site Scripting |
|---|
| Mô tả | A security assessment of the *Small CRM in PHP V4.0* revealed multiple stored Cross-Site Scripting (XSS) vulnerabilities in different modules:
1. Registration Module → User Management
- Input: /crm/registration.php (username field)
- Trigger: /crm/admin/manage-users.php when the admin views registered users.
2. Ticket Module → Ticket Management
- Input: /crm/create-ticket.php (ticket details field)
- Trigger: /crm/admin/manage-tickets.php when the admin views submitted tickets.
3. Quote Module → Quote Details
- Input: /crm/get-quote.php (quote query field)
- Trigger: /crm/admin/quote-details.php?id=<id> when the admin views quote details.
All three issues stem from missing output encoding, enabling unauthenticated attackers to inject persistent JavaScript payloads that are executed in the context of the administrator’s browser session. |
|---|
| Nguồn | ⚠️ https://github.com/YoSheep/cve/blob/main/PHPGurukul%20Small%20CRM%20in%20PHP%20V4.0%20Multiple%20Stored%20Cross-Site%20Scripting%20(XSS)%20Vulnerabilities.md |
|---|
| Người dùng | YoSheep (UID 88465) |
|---|
| Đệ trình | 26/08/2025 19:53 (cách đây 10 các tháng) |
|---|
| Kiểm duyệt | 02/09/2025 14:31 (7 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 322181 [PHPGurukul Small CRM 4.0 /registration.php tên người dùng Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|