CVE-2008-3398

Name of the Vulnerable Software and Affected Versions XRMS CRM version 1.99.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including "login.php".

Recommendations For XRMS CRM version 1.99.2, consider restricting access to the msg parameter in affected components to minimize the risk of exploitation. Avoid using the msg parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.