Zurmo CRM version 3.0.2 suffers from a persistent cross-site scripting vulnerability.
b2542c507f34d80b4f84194b95281d6052024b7288453da30fcf989523252891
# Affected software: Zurmo CRM
# Type of vulnerability: stored XSS
# URL: zurmo.com (http://demo.zurmo.com/)
# Discovered by: provensec
# Website: provensec.com
# Version: N/A
# Proof of concept
Go to the profile section
(http://demo.zurmo.com/demos/stable/app/index.php/home/default), edit the
"What's going on" field with an XSS payload, and post it. The JavaScript will
execute.
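
The fix for a stored XSS of this kind is output encoding at render time. The following is an added example, not Zurmo source code and not part of the original advisory: it assumes the posted text is written into the page unencoded, and the function names and the sample post are constructed for illustration.

```php
<?php
// Added illustration, not Zurmo code. All function names are hypothetical.

/** Vulnerable pattern (assumed): stored text is concatenated into HTML as-is. */
function renderPostUnsafe(string $author, string $text): string
{
    return '<div class="post"><b>' . $author . '</b>: ' . $text . '</div>';
}

/** Encode a value for the HTML body or a quoted attribute at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: every user-controlled value is encoded when rendered. */
function renderPostSafe(string $author, string $text): string
{
    return '<div class="post"><b>' . h($author) . '</b>: ' . h($text) . '</div>';
}

/** Regression check: does rendered HTML contain a live script tag? */
function hasLiveScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed sample feed: one ordinary post, one containing markup.
$feed = [
    ['author' => 'alice', 'text' => 'Closed the Q3 deal & updated the account.'],
    ['author' => 'demo',  'text' => '<script>alert(1)</script>'],
];

foreach ($feed as $post) {
    $unsafe = renderPostUnsafe($post['author'], $post['text']);
    $safe   = renderPostSafe($post['author'], $post['text']);

    printf(
        "%-6s unsafe_live_tag=%s safe_live_tag=%s\n  %s\n",
        $post['author'],
        var_export(hasLiveScriptTag($unsafe), true),
        var_export(hasLiveScriptTag($safe), true),
        $safe
    );
}
```

Encoding at output rather than stripping at input keeps the stored text intact and also covers values that reached the database before the fix.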