X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
| https://sourceforge.net/projects/x2engine/ | Product |
| http://packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
| https://sourceforge.net/projects/x2engine/ | Product |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:32
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://sourceforge.net/projects/x2engine/ - Product |
25 Apr 2023, 16:20
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
25 Apr 2023, 13:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) http://packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry | |
| References | (MISC) https://sourceforge.net/projects/x2engine/ - Product | |
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| CPE | cpe:2.3:a:x2crm:x2crm:6.9:*:*:*:*:*:*:* cpe:2.3:a:x2crm:x2crm:6.6:*:*:*:*:*:*:* |
15 Apr 2023, 02:25
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-15 01:15
Updated : 2024-11-21 07:32
NVD link : CVE-2022-48177
Mitre link : CVE-2022-48177
CVE.ORG link : CVE-2022-48177
JSON object : View
Products Affected
x2crm
- x2crm
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')