Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"
References
Link | Resource |
---|---|
https://github.com/X2Engine/X2CRM/issues/161 | Exploit Third Party Advisory |
https://github.com/X2Engine/X2CRM/issues/183 | Exploit Third Party Advisory |
Configurations
Information
Published : 2021-04-14 07:15
Updated : 2021-04-20 18:49
NVD link : CVE-2020-21088
Mitre link : CVE-2020-21088
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
x2engine
- x2crm