Arbitrary Script Injection in Zurmo CRM 3.0.2 via What's going on? Profile Field
CVE-2015-5365 · LOW Severity
AV:N/AC:M/AU:S/C:N/I:P/A:N
Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.
Learn more about our Web App Pen Testing.