MidnightBSD

Advisories for x2crm

CVE-2022-48177

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.

Products Affected

Vendor Product Version
x2crm x2crm 6.6
x2crm x2crm 6.9
CVE-2022-48178

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.

Products Affected

Vendor Product Version
x2crm x2crm 6.6
x2crm x2crm 6.9