88 matches found
CVE-2013-5693
Cross-site scripting XSS vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor...
CVE-2013-5692
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the file parameter to index.php/admin/translationManager...
Cross site scripting
Cross-site scripting XSS vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor...
Directory traversal
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the file parameter to index.php/admin/translationManager...
CVE-2013-5692
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the file parameter to index.php/admin/translationManager...
CVE-2013-5693
Cross-site scripting XSS vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor...
CVE-2013-5693
CVE-2013-5693 affects X2Engine X2CRM
CVE-2013-5692
CVE-2013-5692 affects X2CRM/X2Engine before 3.5. A PHP file inclusion flaw arises from insufficient sanitization of the file parameter in /index.php/admin/translationManager, allowing a remote authenticated administrator to traverse directories and include/execute local files. Public details conf...