CVE-2020-21088

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"
References
Link Resource
https://github.com/X2Engine/X2CRM/issues/161 Exploit Third Party Advisory
https://github.com/X2Engine/X2CRM/issues/183 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:*

Information

Published : 2021-04-14 07:15

Updated : 2021-04-20 18:49


NVD link : CVE-2020-21088

Mitre link : CVE-2020-21088


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

x2engine

  • x2crm