Lucene search
K
X2engineX2crm

13 matches found

CVE
CVE
added 2022/03/16 2:3 p.m.116 views

CVE-2021-33853

CVE-2021-33853 affects X2CRM 8.0 from X2Engine USA, Inc. The Red Hat/ CNVD/ CNNVD and CVE records describe a cross-site scripting (XSS) vulnerability arising from insufficient input validation/filtering and output encoding, allowing arbitrary JavaScript to run in a user’s browser when the user na...

5.4CVSS5.3AI score0.00567EPSS
CVE
CVE
added 2013/09/30 8:0 p.m.76 views

CVE-2013-5693

CVE-2013-5693 affects X2Engine X2CRM

4.3CVSS5.6AI score0.03232EPSS
Web
CVE
CVE
added 2013/09/30 8:0 p.m.68 views

CVE-2013-5692

CVE-2013-5692 affects X2CRM/X2Engine before 3.5. A PHP file inclusion flaw arises from insufficient sanitization of the file parameter in /index.php/admin/translationManager, allowing a remote authenticated administrator to traverse directories and include/execute local files. Public details conf...

8.5CVSS6.7AI score0.05791EPSS
Web
CVE
CVE
added 2015/09/29 7:0 p.m.64 views

CVE-2015-5075

CVE-2015-5075 affects X2Engine X2CRM (affected: 4.2; fixed: 5.2). Root cause: missing CSRF protections in index.php/users/create, enabling remote attackers to create an administrator account and hijack admin authentication. Exploitation details and advisories are documented in Portcullis/Exploit-...

6.8CVSS7.1AI score0.02756EPSS
Web
CVE
CVE
added 2015/09/29 7:0 p.m.63 views

CVE-2015-5074

CVE-2015-5074 affects X2Engine X2CRM 4.2. An incomplete blacklist in FileUploadsFilter.php allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension. This enables arbitrary file uploads and potential code execution on vulnerable installations. The i...

7.5CVSS7.2AI score0.07505EPSS
CVE
CVE
added 2024/10/14 12:0 a.m.57 views

CVE-2024-48120

X2CRM v8.5 is affected by a stored XSS in the Opportunities module. The vulnerability allows an authenticated attacker to inject JavaScript via the Name field when creating a list, with the payload stored and later triggered. Evidence consistently references a stored XSS path in the Opportunities...

6.5CVSS5.9AI score0.00624EPSS
Web
CVE
CVE
added 2017/10/17 3:0 p.m.52 views

CVE-2014-2664

The CVE affects X2Engine X2CRM before 4.0. Affected component: ProfileController::actionUploadPhoto in protected/controllers/ProfileController.php. Root cause: unrestricted file upload allows uploading a file with an executable extension, enabling remote code execution when the file is accessed d...

8.8CVSS9AI score0.02906EPSS
CVE
CVE
added 2015/09/29 7:0 p.m.50 views

CVE-2015-5076

CVE-2015-5076 affects X2Engine X2CRM. The vulnerability is a reflective XSS in X2Engine/X2CRM where user-supplied data is echoed, allowing arbitrary script execution. Affected versions are listed as before 5.0.9 (per CNVD/CVE records) and, in other sources, affected 4.2 with a fix at 5.2. Exploit...

4.3CVSS5.8AI score0.01906EPSS
Web
CVE
CVE
added 2023/04/15 12:0 a.m.48 views

CVE-2022-48177

CVE-2022-48177 affects X2CRM Open Source Sales CRM versions 6.6–6.9. A reflected Cross-Site Scripting (XSS) vulnerability exists in the adin/importModels Import Records Model field, via the model parameter. Exploitation can execute malicious JavaScript in a victim user’s browser, with some source...

5.4CVSS5.3AI score0.01831EPSS
Web
CVE
CVE
added 2021/04/14 1:48 p.m.47 views

CVE-2021-27288

CVE-2021-27288 affects X2Engine X2CRM v7.1, with a Cross-Site Scripting (XSS) vulnerability in the Comment field on the /profile/activity page. The root cause is improper handling/sanitization of input leading to script/html injection. Impact stated: remote attackers can obtain sensitive informat...

6.1CVSS5.9AI score0.00918EPSS
Web
CVE
CVE
added 2023/04/15 12:0 a.m.47 views

CVE-2022-48178

CVE-2022-48178 summary: X2CRM Open Source Sales CRM versions 6.6–6.9 contain a stored XSS vulnerability in the Create Action function, triggered via index.php/actions/update. Multiple sources (Exploit-DB, PacketStorm, CNNVD, Red Hat, OSV, CVE lists) confirm the flaw and that exploitation can be a...

5.4CVSS5.3AI score0.01831EPSS
Web
CVE
CVE
added 2021/04/14 1:49 p.m.44 views

CVE-2020-21087

X2Engine X2CRM v6.9 and earlier is affected by an XSS vulnerability in the Rename a Module tool, where entering arbitrary web script or HTML into the New Name field can be reflected to the user and potentially lead to code execution in the context of the victim's browser. The issue is described a...

6.1CVSS6.2AI score0.0135EPSS
CVE
CVE
added 2021/04/14 1:49 p.m.41 views

CVE-2020-21088

X2engine/X2CRM 7.1 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to obtain sensitive information by injecting arbitrary script/HTML through the First Name and Last Name fields on the /index.php/contacts/create page. Root cause is untrusted inp...

4.8CVSS4.9AI score0.0076EPSS
Web