CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting XSS in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...

6.5CVSS5.7AI score0.02555EPSS

Exploits3References1

RedhatCVE•added 2025/05/23 12:27 a.m.•3 views

CVE-2022-48177

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting XSS vulnerability via the adin/importModels Import Records Model field model parameter. This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's...

5.4CVSS6AI score0.02523EPSS

Exploits4

RedhatCVE•added 2025/05/23 12:20 a.m.•4 views

CVE-2022-48178

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...

5.4CVSS5.9AI score0.01915EPSS

Exploits4References1

RedhatCVE•added 2025/05/22 5:51 p.m.•9 views

CVE-2020-21088

Cross Site Scripting XSS in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"...

4.8CVSS5.7AI score0.00257EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:11 p.m.•8 views

CVE-2020-21087

Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...

6.1CVSS6.5AI score0.0051EPSS

Exploits1

RedhatCVE•added 2025/05/22 12:49 a.m.•5 views

CVE-2013-5693

Cross-site scripting XSS vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor...

4.3CVSS5.8AI score0.00432EPSS

Exploits6References1

Packet Storm•added 2025/03/31 12:0 a.m.•325 views

X2CRM 8.5 Cross Site Scripting

X2CRM version 8.5 suffers from a persistent cross site scripting vulnerability. Exploit Title: X2CRM v8.5 – Stored Cross-Site Scripting XSS Authenticated Date: 12 September 2024 Exploit Author: Okan Kurtulus Vendor Homepage: https://x2engine.com/ Software Link: https://github.com/X2Engine/X2CRM...

5.4CVSS6.4AI score0.02555EPSS

Exploits3

Exploit DB•added 2025/03/27 12:0 a.m.•214 views

X2CRM 8.5 - Stored Cross-Site Scripting (XSS)

Exploit Title: X2CRM 8.5 - Stored Cross-Site Scripting XSS Date: 12 September 2024 Exploit Author: Okan Kurtulus Vendor Homepage: https://x2engine.com/ Software Link: https://github.com/X2Engine/X2CRM Version: X2CRM v8.5 Tested on: Ubuntu 22.04 CVE : CVE-2024-48120 1- Log in to the system with an...

6.5CVSS5.6AI score0.02555EPSS

Exploits3

CNVD•added 2024/10/17 12:0 a.m.•8 views

X2CRM Cross-Site Scripting Vulnerability

X2CRM is a next generation open source social selling application for small and medium sized businesses. A cross-site scripting vulnerability exists in X2CRM. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited to...

6.5CVSS6.4AI score0.02555EPSS

Exploits3References1

OSV•added 2024/10/14 2:15 p.m.•0 views

CVE-2024-48120

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting XSS in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...

5.4CVSS6.1AI score0.02555EPSS

Exploits3References1

NVD•added 2024/10/14 2:15 p.m.•16 views

CVE-2024-48120

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting XSS in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...

6.5CVSS0.02555EPSS

Exploits3References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by