X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x2crm | x2crm | 6.6 |
| x2crm | x2crm | 6.9 |
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x2crm | x2crm | 6.6 |
| x2crm | x2crm | 6.9 |