Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-04-14
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"
CVSS Score
4.8
EPSS Score
0.002
Published
2021-04-14
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
CVSS Score
6.8
EPSS Score
0.01
Published
2015-09-29