Unrated severityNVD Advisory· Published Jul 13, 2010· Updated Jun 16, 2026
CVE-2010-2718
CVE-2010-2718
Description
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.
Affected products
2cpe:2.3:a:cruxsoftware:cruxpa:2.00:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cruxsoftware:cruxpa:2.00:*:*:*:*:*:*:*
- (no CPE)range: <=2.00
Patches
Vulnerability mechanics
References
8- packetstormsecurity.org/1007-exploits/cruxpa-xss.txtnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.htmlnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.htmlnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.htmlnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.htmlnvdExploit
- www.vupen.com/english/advisories/2010/1709nvdVendor Advisory
- www.securityfocus.com/archive/1/512243/100/0/threadednvd
- www.securityfocus.com/bid/41495nvd
News mentions
0No linked articles in our index yet.