Unrated severityNVD Advisory· Published Jul 13, 2010· Updated Apr 29, 2026
CVE-2010-2718
CVE-2010-2718
Description
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.
Affected products
1- cpe:2.3:a:cruxsoftware:cruxpa:2.00:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- packetstormsecurity.org/1007-exploits/cruxpa-xss.txtnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.htmlnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.htmlnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.htmlnvdExploit
- www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.htmlnvdExploit
- www.vupen.com/english/advisories/2010/1709nvdVendor Advisory
- www.securityfocus.com/archive/1/512243/100/0/threadednvd
- www.securityfocus.com/bid/41495nvd
News mentions
0No linked articles in our index yet.