| CVE-2021-27288 |
BDSA-2021-0958 |
Medium |
Apr 14, 2021 |
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via
more...
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.
less...
|
7.1
|
| CVE-2020-21088 |
BDSA-2018-5239 |
Low |
Apr 14, 2021 |
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script o
more...
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"
less...
|
7.1, 6.9, 6.6, 6.5.2, 6.5.1, 6.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1
|
| BDSA-2022-4194 |
|
Low |
Jul 11, 2023 |
X2CRM Open Source Sales CRM is vulnerable to reflected cross-site scripting (XSS) due to improper validation of user input supplied to the adin/importM
more...
X2CRM Open Source Sales CRM is vulnerable to reflected cross-site scripting (XSS) due to improper validation of user input supplied to the adin/importModels Import Records Model field. This could allow an attacker to inject arbitrary web scripts and obtain sensitive information such as authentication tokens and user session cookies.
less...
|
|
| BDSA-2022-4193 |
|
Low |
Jul 11, 2023 |
X2CRM Open Source Sales CRM is vulnerable to stored cross-site scripting (XSS) due to improper validation of user supplied input. This could allow an a
more...
X2CRM Open Source Sales CRM is vulnerable to stored cross-site scripting (XSS) due to improper validation of user supplied input. This could allow an attacker to inject arbitrary web scripts and obtain sensitive information such as authentication tokens and user session cookies.
less...
|
|
| BDSA-2021-4232 |
|
Low |
Mar 22, 2022 |
X2CRM is vulnerable to stored cross-site scripting (XSS) due to improper validation of user supplied input to the "Top Bar Link" field within the "User
more...
X2CRM is vulnerable to stored cross-site scripting (XSS) due to improper validation of user supplied input to the "Top Bar Link" field within the "User Interface Management" menu of the administrator tool. This could allow an attacker with administrative privileges to inject malicious web scripts and steal sensitive information such as authentication tokens and user session cookies.
less...
|
|
| BDSA-2018-5240 |
|
Low |
Apr 16, 2021 |
X2Engine X2CRM contains a cross-site scripting (XSS) vulnerability. An authenticated attacker can use this to execute malicious JavaScript code in a vi
more...
X2Engine X2CRM contains a cross-site scripting (XSS) vulnerability. An authenticated attacker can use this to execute malicious JavaScript code in a victim's browser, in order to steal session tokens, cookies, or other sensitive information.
less...
|
|
