4 matches found
CVE-2020-21087
Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...
CVE-2020-21087
Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...
Cross site scripting
Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...
CVE-2020-21087
X2Engine X2CRM v6.9 and earlier is affected by an XSS vulnerability in the Rename a Module tool, where entering arbitrary web script or HTML into the New Name field can be reflected to the user and potentially lead to code execution in the context of the victim's browser. The issue is described a...