CVE-2021-27288

2021-04-1414:15:13

Google

osv.dev

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.5%

JSON

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the “Comment” field in “/profile/activity” page.

CPENameOperatorVersion
x2crmeq1.6.1
x2crmeq6.0
x2crmeq1.2.1
x2crmeq2.0
x2crmeq5.0.3b
x2crmeq1.2.2
x2crmeq5.0b
x2crmeq3.5.5
x2crmeq4.2b
x2crmeq3.0

Name	Operator	Version
x2crm	eq	1.6.1
x2crm	eq	6.0
x2crm	eq	1.2.1
x2crm	eq	2.0
x2crm	eq	5.0.3b
x2crm	eq	1.2.2
x2crm	eq	5.0b
x2crm	eq	3.5.5
x2crm	eq	4.2b
x2crm	eq	3.0

Rows per page:

1-10 of 1071

References

github.com/X2Engine/X2CRM/issues/183