
88 matches found

NVD
added 2021/04/14 2:15 p.m. | 9 views

CVE-2020-21088

Cross Site Scripting XSS in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"...

CVSS 4.8 | EPSS 0.00257
Exploits: 1 | References: 2

NVD
added 2021/04/14 2:15 p.m. | 8 views

CVE-2021-27288

Cross Site Scripting XSS in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page...

CVSS 6.1 | EPSS 0.00379
Exploits: 1 | References: 1

OSV
added 2021/04/14 2:15 p.m. | 9 views

CVE-2020-21087

Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...

CVSS 6.1 | AI score 6.5
Exploits: 0 | References: 1

Prion
added 2021/04/14 2:15 p.m. | 12 views

Cross site scripting

Cross Site Scripting XSS in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page...

CVSS 4.3 | AI score 6 | EPSS 0.00379
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/04/14 2:15 p.m. | 8 views

Cross site scripting

Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...

CVSS 4.3 | AI score 6.2 | EPSS 0.0051
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/04/14 2:15 p.m. | 15 views

Cross site scripting

Cross Site Scripting XSS in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"...

CVSS 3.5 | AI score 4.9 | EPSS 0.00257
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2021/04/14 1:49 p.m. | 38 views

CVE-2020-21088

X2engine/X2CRM 7.1 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to obtain sensitive information by injecting arbitrary script/HTML through the First Name and Last Name fields on the /index.php/contacts/create page. Root cause is untrusted inp...

CVSS 4.8 | AI score 4.9 | EPSS 0.00257
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2021/04/14 1:49 p.m. | 41 views

CVE-2020-21087

X2Engine X2CRM v6.9 and earlier is affected by an XSS vulnerability in the Rename a Module tool, where entering arbitrary web script or HTML into the New Name field can be reflected to the user and potentially lead to code execution in the context of the victim's browser. The issue is described a...

CVSS 6.1 | AI score 6.2 | EPSS 0.0051
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2021/04/14 1:48 p.m. | 43 views

CVE-2021-27288

CVE-2021-27288 affects X2Engine X2CRM v7.1, with a Cross-Site Scripting (XSS) vulnerability in the Comment field on the /profile/activity page. The root cause is improper handling/sanitization of input leading to script/html injection. Impact stated: remote attackers can obtain sensitive informat...

CVSS 6.1 | AI score 5.9 | EPSS 0.00379
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/14 1:48 p.m. | 8 views

CVE-2021-27288

Cross Site Scripting XSS in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page...

AI score 6.2 | EPSS 0.00379
Exploits: 1 | References: 1

Prion
added 2017/10/17 3:29 p.m. | 10 views

Unrestricted file upload

Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...

CVSS 6.5 | AI score 8.2 | EPSS 0.06855
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2017/10/17 3:29 p.m. | 15 views

CVE-2014-2664

Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...

CVSS 8.8 | AI score 9 | EPSS 0.06855
Exploits: 0 | References: 5

CVE
added 2017/10/17 3:0 p.m. | 47 views

CVE-2014-2664

The CVE affects X2Engine X2CRM before 4.0. Affected component: ProfileController::actionUploadPhoto in protected/controllers/ProfileController.php. Root cause: unrestricted file upload allows uploading a file with an executable extension, enabling remote code execution when the file is accessed d...

CVSS 8.8 | AI score 9 | EPSS 0.06855
Exploits: 0 | References: 5 | Affected Software: 1

securityvulns
added 2015/10/26 12:0 a.m. | 77 views

CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine

Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine CVE: CVE-2015-5076 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that the web application was vulnerable to reflective Cross-Site Scripting wher...

CVSS 4.3 | AI score 5.3 | EPSS 0.00305
Exploits: 2

securityvulns
added 2015/10/26 12:0 a.m. | 83 views

CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine

Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...

CVSS 7.5 | AI score 0.3 | EPSS 0.11204
Exploits: 5

securityvulns
added 2015/10/26 12:0 a.m. | 88 views

CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

CVSS 6.8 | AI score 0.1 | EPSS 0.00966
Exploits: 4

seebug.org
added 2015/10/12 12:0 a.m. | 25 views

X2Engine 4.2 Arbitrary File Upload / CSRF Vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

CNVD
added 2015/10/10 12:0 a.m. | 2 views

X2Engine X2CRM Cross-Site Scripting Vulnerability

X2Engine X2CRM is the United States X2Engine company's set of open source customer relationship management program CRM. A cross-site scripting vulnerability exists in X2Engine X2CRM versions prior to 5.0.9. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...

CVSS 4.3 | AI score 6.3 | EPSS 0.00305
Exploits: 2 | References: 1

CNVD
added 2015/10/10 12:0 a.m. | 2 views

X2Engine X2CRM Input Validation Vulnerability

X2Engine X2CRM is the United States X2Engine company's set of open source customer relationship management program CRM. An incomplete blacklist vulnerability exists in the FileUploadsFilter class in the protected/components/filters/FileUploadsFilter.php script in X2Engine X2CRM versions prior to...

CVSS 7.5 | AI score 7.5 | EPSS 0.11204
Exploits: 5 | References: 1

CNVD
added 2015/10/10 12:0 a.m. | 3 views

X2Engine X2CRM Cross-Site Request Forgery Vulnerability

X2Engine X2CRM is the United States X2Engine company's set of open source customer relationship management program CRM. A cross-site request forgery vulnerability exists in X2Engine X2CRM versions prior to 5.2. A remote attacker can exploit this vulnerability by sending a specially crafted reques...

CVSS 6.8 | AI score 6.9 | EPSS 0.00966
Exploits: 4 | References: 1