Stark CRM 1.0 Script Injection / Session Riding

https://packetstormsecurity.com/files/125331/ZSL-2014-5169.txt
https://packetstormsecurity.com/files/125331/Stark-CRM-1.0-Script-Injection-Session-Riding.html

Fri, 21 Feb 2014 06:55:50 GMT

Multiple stored cross-site scripting and cross-site request forgery vulnerabilities exist when parsing user input to several POST parameters in Stark CRM version 1.0. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site, and/or to execute arbitrary HTML and script code in a user's browser session.
