CVE-2010-2718
https://notcve.org/view.php?id=CVE-2010-2718
Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en CruxSoftware CruxPA v2.00, y posiblemente versiones anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de lso parámetros (1) txtusername a login.php, (2) todo a newtodo.php, y vectores no especificados en (3) newtelephone.php y(4) newappointment.php. • http://packetstormsecurity.org/1007-exploits/cruxpa-xss.txt http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_1.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_2.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxpa_3.html http://www.securityfocus.com/archive/1/512243/100/0/threaded http://www.securityfocus.com/bid/41495 http://www.vupen.com/english/advisories/2010/1709 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •