6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.5%
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the “Comment” field in “/profile/activity” page.
github.com/X2Engine/X2CRM/issues/183