CVE-2010-2718 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php (2) todo parameter to newtodo.php and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.
Reference
http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html http://www.securityfocus.com/archive/1/512243/100/0/threaded http://www.securityfocus.com/bid/41495 http://www.vupen.com/english/advisories/2010/1709
Share on: