Vulnerabilities > Xrms

DATE CVE VULNERABILITY TITLE RISK
2008-09-05 CVE-2008-3948 SQL Injection vulnerability in Xrms CRM 1.99.2
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.
network, low complexity, xrms, CWE-89, risk 7.5

2008-09-05 CVE-2008-3664 Cross-Site Scripting vulnerability in Xrms CRM
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.
network, xrms, CWE-79, risk 4.3

2008-07-31 CVE-2008-3400 Information Exposure vulnerability in Xrms CRM 1.99.2
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
network, xrms, CWE-200, risk 4.3

2008-07-31 CVE-2008-3399 Code Injection vulnerability in Xrms CRM 1.99.2
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
network, xrms, CWE-94, risk 6.8

2008-07-31 CVE-2008-3398 Cross-Site Scripting vulnerability in Xrms CRM 1.99.2
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php.
network, high complexity, xrms, CWE-79, risk 2.6