Full title: Stark CRM 1.0 - Multiple Vulnerabilities 
Category: web applications
Platform: php
Multiple stored cross site scripting and cross site request forgery vulnerabilities exist when parsing user input to several POST parameters in Stark CRM version 1.0. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site and/or execute arbitrary HTML and script code in a user's browser session.

# 0day.today @ http://0day.today/