Channel: BOT24

PerfectView CRM XSS Vulnerability

# Affected software: PerfectView CRM
# Description: PerfectView CRM is software for Relationship Management, Marketing & Sales
# Type of vulnerability: XSS Persistent
# URL: http://perfectviewcrm.com
#
# Discovered by: Provensec
# Website: http://www.provensec.com

# Description: PerfectView is prone to a Persistent Cross Site Scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site.
# Proof of concept
# 1. Create a Conversation report as a Normal user inside "To Do".
# 2. Select the new conversation
# 3. Add a note with the following value: "><script>alert('XSS by Provensec')</script>
# 5. Save the conversation and use the functionality in the To Do menu to forward it to a colleague.
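
The note value above starts by closing a quoted attribute and a tag, so the example below assumes the stored note is written into an HTML attribute when the conversation is displayed. It is an added illustration, not code from PerfectView or from the advisory: `renderNoteUnsafe`, `renderNoteSafe`, `countTags` and the `<input>` template are hypothetical, and it shows the same stored value rendered with and without output encoding.

```javascript
// Added illustration; the template and function names are hypothetical, not PerfectView code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored note is concatenated into an attribute as-is.
function renderNoteUnsafe(note) {
  return '<input type="text" name="note" value="' + note + '">';
}

// Hardened pattern: the same template with the stored value encoded on output.
function renderNoteSafe(note) {
  return '<input type="text" name="note" value="' + escapeHtml(note) + '">';
}

// Minimal check: count the tags in the rendered markup. The template
// itself produces exactly one (<input>); anything more came from the data.
function countTags(markup) {
  return (markup.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// The note value from the advisory's proof of concept.
const storedNote = "\"><script>alert('XSS by Provensec')</script>";

const unsafeMarkup = renderNoteUnsafe(storedNote);
const safeMarkup = renderNoteSafe(storedNote);

console.log(countTags(unsafeMarkup), unsafeMarkup);
console.log(countTags(safeMarkup), safeMarkup);
```

Encoding is applied at output and is specific to the context the value lands in; a value placed inside a script block or a URL needs a different encoder than the attribute case shown here.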



//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
