The exploit describes a stored XSS vulnerability in Zurmo CRM where a malicious user can inject scripts into a report's 'Employees' field, which executes when other users access the shared report. The PoC provides step-by-step instructions but lacks executable code.
Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Zurmo CRM
Auth required
Prerequisites: Valid user account in Zurmo CRM · Ability to create and share reports