X2crm@* Security Vulnerabilities and Issues — X2crm@* CVE List

Lucene search

X2engineX2crm*

3 matches found

CVE•added 2015/09/29 7:59 p.m.•49 views

CVE-2015-5074

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.

7.5CVSS7.2AI score0.12896EPSS

CVE•added 2015/09/29 7:59 p.m.•48 views

CVE-2015-5075

Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.

6.8CVSS7.1AI score0.00966EPSS

CVE•added 2015/09/29 7:59 p.m.•39 views

CVE-2015-5076

Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc,...

4.3CVSS5.8AI score0.00305EPSS