exploitDog

CVE-2020-21088

Опубликовано: 14 апр. 2021

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"

Ссылки

https://github.com/X2Engine/X2CRM/issues/161
Exploit
Third Party Advisory
https://github.com/X2Engine/X2CRM/issues/183
Exploit
Third Party Advisory
https://github.com/X2Engine/X2CRM/issues/161
Exploit
Third Party Advisory
https://github.com/X2Engine/X2CRM/issues/183
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:*

Версия до 7.1 (включая)

EPSS

Процентиль: 50%

0.00264

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-mc2f-4vmr-c74r

github

больше 3 лет назад

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"

EPSS

Процентиль: 50%

0.00264

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79