# Affected software: Zurmo CRM
# Type of vulnerability: Stored XSS
# URL: zurmo.com (http://demo.zurmo.com/)
# Discovered by: provensec
# Website: provensec.com

# Version: N/A
# Proof of concept

Go to the profile section
(http://demo.zurmo.com/demos/stable/app/index.php/home/default), edit the
"What's going on" field with an XSS payload, and post it. The JavaScript
will execute.
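
For the defensive side, the following added example (not Zurmo code and not part of the original advisory) shows a status post rendered without output encoding next to the same post encoded at output time, with a small regression check. All function names and the sample posts are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Zurmo code. All function names are hypothetical.

// Constructed sample posts, stored exactly as users typed them.
$posts = [
    ['author' => 'alice', 'text' => 'Q3 "pipeline" review & notes'],
    ['author' => 'bob',   'text' => '<script>alert(1)</script>'],
];

// Vulnerable pattern: stored text is concatenated into the page as markup,
// so every user who views the feed runs whatever the author posted.
function renderPostUnsafe(array $post): string
{
    return '<li><b>' . $post['author'] . '</b>: ' . $post['text'] . '</li>';
}

// Encode for the HTML context at output time. ENT_QUOTES also encodes
// single quotes, which matters if the value is ever placed in an attribute.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored value is encoded before it reaches the page.
function renderPostSafe(array $post): string
{
    return '<li><b>' . escapeHtml($post['author']) . '</b>: '
        . escapeHtml($post['text']) . '</li>';
}

// Regression check: once the template's own tags are removed, nothing that
// looks like the start of an HTML tag may remain in the rendered output.
function containsUserMarkup(string $html): bool
{
    $withoutTemplate = str_replace(['<li>', '</li>', '<b>', '</b>'], '', $html);
    return preg_match('/<\s*\/?\s*[a-z!]/i', $withoutTemplate) === 1;
}

foreach ($posts as $post) {
    printf(
        "%-6s unsafe=%s safe=%s\n",
        $post['author'],
        containsUserMarkup(renderPostUnsafe($post)) ? 'MARKUP' : 'ok',
        containsUserMarkup(renderPostSafe($post)) ? 'MARKUP' : 'ok'
    );
}
```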