SecPod Research Team member (Sooraj K.S) has found Multiple XSS and SQL Injection Vulnerabilities in MYRE Real Estate Software. The vulnerability is caused by improper validation of various parameters in several pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
More information on the flaws can be foundĀ here.
CVE Info : CVE-2011-3393 , CVE-2011-3394
Welcome any feedback or suggestion.
Cheers!
SecPod Research Team