7 matches found
CVE-2024-48120
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting XSS in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...
CVE-2022-48177
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting XSS vulnerability via the adin/importModels Import Records Model field model parameter. This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's...
CVE-2013-5693
Cross-site scripting XSS vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor...
CVE-2022-48178
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...
CVE-2022-48177
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting XSS vulnerability via the adin/importModels Import Records Model field model parameter. This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's...
PT-2023-15602
Name of the Vulnerable Software and Affected Versions X2CRM Open Source Sales CRM versions 6.6 through 6.9 Description A reflected cross-site scripting XSS issue was discovered in X2CRM Open Source Sales CRM. This issue allows attackers to create malicious JavaScript that will be executed by the...
pczupil X2CRM Cross-Site Scripting Vulnerability
pczupil X2CRM is a pczupil open source application. A next generation open source social selling application for small and medium sized businesses. A cross-site scripting vulnerability exists in pczupil X2CRM version 7.1, which can be exploited to inject arbitrary web script or HTML via the...