Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x2engine x2crm vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-33853
A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS p...
X2engine X2crm 8.0
6.1
CVSSv3
CVE-2020-21087
Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote malicious users to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.
X2engine X2crm
4.8
CVSSv3
CVE-2020-21088
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote malicious users to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"
X2engine X2crm
6.1
CVSSv3
CVE-2021-27288
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote malicious users to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.
8.8
CVSSv3
CVE-2014-2664
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM prior to 4.0 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then a...
X2engine X2crm
NA
CVE-2015-5074
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM prior to 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
X2engine X2crm
1 EDB exploit
NA
CVE-2015-5075
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM prior to 5.2 allows remote malicious users to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
X2engine X2crm
1 EDB exploit
NA
CVE-2015-5076
Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM prior to 5.0.9 allow remote malicious users to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/roll...
X2engine X2crm
NA
CVE-2013-5692
Directory traversal vulnerability in X2Engine X2CRM prior to 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
X2engine X2crm 3.0.1
X2engine X2crm 3.0
X2engine X2crm 2.9.1
X2engine X2crm 2.9
X2engine X2crm 1.2.1
X2engine X2crm 1.2.0
X2engine X2crm 1.1.0
X2engine X2crm 1.0.1
X2engine X2crm 1.0
X2engine X2crm 3.4
X2engine X2crm 3.3.2
X2engine X2crm 3.3.1
X2engine X2crm
X2engine X2crm 3.2
X2engine X2crm 3.1.1
X2engine X2crm 3.0.2
X2engine X2crm 2.8.1
X2engine X2crm 2.7.2
X2engine X2crm 1.3.1
X2engine X2crm 1.2.2
X2engine X2crm 3.3
X2engine X2crm 2.7
1 EDB exploit
NA
CVE-2013-5693
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM prior to 3.5 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
X2engine X2crm 3.1.2
X2engine X2crm 3.1.1
X2engine X2crm 3.1
X2engine X2crm 3.0.2
X2engine X2crm 1.3.1
X2engine X2crm 1.3
X2engine X2crm 1.2.2
X2engine X2crm 1.2.1
X2engine X2crm 3.3.1
X2engine X2crm 3.2
X2engine X2crm 3.0.1
X2engine X2crm 2.9.1
X2engine X2crm 2.5.2
X2engine X2crm 2.2.1
X2engine X2crm 1.1.0
X2engine X2crm 1.0
X2engine X2crm
X2engine X2crm 3.4
X2engine X2crm 2.8.1
X2engine X2crm 2.8
X2engine X2crm 2.7.2
X2engine X2crm 2.7.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started