CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

X2engine: >> X2crm >> 7.1 Security Vulnerabilities

CVE-2020-21088

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"

CVSS Score

4.8

EPSS Score

0.002

Published

2021-04-14

CVE-2021-27288

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.

CVSS Score

6.1

EPSS Score

0.002

Published

2021-04-14

Page 1

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved