Arbitrary Script Injection in Zurmo CRM 3.0.2 via What's going on? Profile Field

Arbitrary Script Injection in Zurmo CRM 3.0.2 via What's going on? Profile Field

CVE-2015-5365 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.

Learn more about our Web App Pen Testing.