exploitDog

CVE-2020-21087

Опубликовано: 14 апр. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.

Ссылки

https://github.com/X2Engine/X2CRM/issues/162
Exploit
Third Party Advisory
https://github.com/X2Engine/X2CRM/issues/162
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:*

Версия до 6.9 (включая)

EPSS

Процентиль: 66%

0.0051

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qrm3-3qcc-mmqr

CVSS3: 6.1

github

больше 3 лет назад

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.

EPSS

Процентиль: 66%

0.0051

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79