Vulnerabilities > CVE-2006-0521 - Cross-Site Scripting vulnerability in BrowserCRM Results.PHP

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

browsercrm

NVD

Published: 2006-02-02

Updated: 2018-10-19

Summary

Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.

Vulnerable Configurations

Part	Description	Count
Application	Browsercrm Browsercrm Browsercrm *	1

References

http://secunia.com/advisories/18658
http://securityreason.com/securityalert/393
http://www.osvdb.org/22841
http://www.securityfocus.com/archive/1/423546/100/0/threaded
http://www.securityfocus.com/bid/16435
http://www.vupen.com/english/advisories/2006/0391
https://exchange.xforce.ibmcloud.com/vulnerabilities/24390