Описание
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:x2engine:x2crm:8.5:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00903
Низкий
5.4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 6.5
github
больше 1 года назад
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.
EPSS
Процентиль: 75%
0.00903
Низкий
5.4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-79
CWE-79