# Affected software: OroCRM is an easy-to-use, open source CRM with built-in marketing automation tools for your commerce business. It's the CRM built for both sales and marketing!
# Discovered by: Provensec
# Website: http://www.provensec.com
# Author: Provensec Labs
# Type of vulnerability: Stored XSS
# Description:
1. Go to http://server and add a new lead. Fill in all the fields properly, but put the XSS payload in the email field, as shown in the screenshot:
http://prntscr.com/4lf043
Payload used: "><img src=d onerror=confirm(/provensec/);>
2. Click the Save and Close button:
http://prntscr.com/4lf0ej