X2engine

X2crm

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.93%
  • Published 14.10.2024 14:15:11
  • Last modified 29.10.2024 20:57:53

X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.

Exploit
  • EPSS 0.21%
  • Published 16.03.2022 15:15:10
  • Last modified 21.11.2024 06:09:42

A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself....

Exploit
  • EPSS 0.51%
  • Published 14.04.2021 14:15:13
  • Last modified 21.11.2024 05:12:25

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.

Exploit
  • EPSS 0.19%
  • Published 14.04.2021 14:15:13
  • Last modified 21.11.2024 05:12:25

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in the "/index.php/contacts/create" page.

Exploit
  • EPSS 0.21%
  • Published 14.04.2021 14:15:13
  • Last modified 21.11.2024 05:57:45

Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.

  • EPSS 6.86%
  • Published 17.10.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an execut...

Exploit
  • EPSS 0.31%
  • Published 29.09.2015 19:59:04
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in prot...

Exploit
  • EPSS 0.97%
  • Published 29.09.2015 19:59:03
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.

Exploit
  • EPSS 12.9%
  • Published 29.09.2015 19:59:02
  • Last modified 12.04.2025 10:46:40

Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht ext...

Exploit
  • EPSS 0.43%
  • Published 30.09.2013 22:55:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.