VYPR
Vendor: Xrms

Products: 2
CVEs: 8
Across products: 13
Status: Private

Recent CVEs (8)

  • CVE-2014-5521 (Sep 2, 2014)
    risk 0.04 | cvss | epss 0.07

    plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.

  • CVE-2014-5520 (Oct 26, 2014)
    risk 0.03 | cvss | epss 0.03

    SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.

  • CVE-2008-3664 (Sep 5, 2008)
    risk 0.03 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the…

  • CVE-2008-3398 (Jul 31, 2008)
    risk 0.03 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.

  • CVE-2008-3400 (Jul 31, 2008)
    risk 0.03 | cvss | epss 0.02

    XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.

  • CVE-2008-3399 (Jul 31, 2008)
    risk 0.03 | cvss | epss 0.02

    PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.

  • CVE-2008-1129 (Mar 4, 2008)
    risk 0.03 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/users/self.php in XRMS CRM allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2008-3948 (Sep 5, 2008)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.