29 matches found
EUVD-2020-13866
Malware in sbrugna...
EUVD-2013-5530
Malware in sbrugna...
CVE-2020-21087
Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...
CVE-2021-27288
Cross Site Scripting XSS in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page...
CVE-2020-21088
Cross Site Scripting XSS in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"...
CVE-2021-27288
Cross Site Scripting XSS in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page...
CVE-2020-21087
Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...
Cross site scripting
Cross Site Scripting XSS in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool...
Cross site scripting
Cross Site Scripting XSS in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"...
CVE-2020-21088
X2engine/X2CRM 7.1 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to obtain sensitive information by injecting arbitrary script/HTML through the First Name and Last Name fields on the /index.php/contacts/create page. Root cause is untrusted inp...
CVE-2021-27288
Cross Site Scripting XSS in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page...
Unrestricted file upload
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
CVE-2014-2664
The CVE affects X2Engine X2CRM before 4.0. Affected component: ProfileController::actionUploadPhoto in protected/controllers/ProfileController.php. Root cause: unrestricted file upload allows uploading a file with an executable extension, enabling remote code execution when the file is accessed d...
X2Engine X2CRM Cross-Site Scripting Vulnerability
X2Engine X2CRM is the United States X2Engine company's set of open source customer relationship management program CRM. A cross-site scripting vulnerability exists in X2Engine X2CRM versions prior to 5.0.9. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...
CVE-2015-5076
Multiple cross-site scripting XSS vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the 1 version parameter in protected/views/admin/formEditor.php; the 2 importId parameter in protected/views/admin/rollbackImport.php; the 3 bc, 4 fg,...
CVE-2015-5075
Cross-site request forgery CSRF vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create...
CVE-2015-5074
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension...
Input validation
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the 1 version parameter in protected/views/admin/formEditor.php; the 2 importId parameter in protected/views/admin/rollbackImport.php; the 3 bc, 4 fg,...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create...