CVE-2013-5693

Published: 30/09/2013 Updated: 11/10/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in X2Engine X2CRM prior to 3.5 allows remote malicious users to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.

Vulnerable Product

x2engine x2crm 3.1.2

x2engine x2crm 3.1.1

x2engine x2crm 3.1

x2engine x2crm 3.0.2

x2engine x2crm 1.3.1

x2engine x2crm 1.3

x2engine x2crm 1.2.2

x2engine x2crm 1.2.1

x2engine x2crm 3.3.1

x2engine x2crm 3.2

x2engine x2crm 3.0.1

x2engine x2crm 2.9.1

x2engine x2crm 2.5.2

x2engine x2crm 2.2.1

x2engine x2crm 1.1.0

x2engine x2crm 1.0

x2engine x2crm

x2engine x2crm 3.4

x2engine x2crm 2.8.1

x2engine x2crm 2.8

x2engine x2crm 2.7.2

x2engine x2crm 2.7.1

x2engine x2crm 3.3.2

x2engine x2crm 3.3

x2engine x2crm 3.0

x2engine x2crm 2.9

x2engine x2crm 2.7

x2engine x2crm 2.5

x2engine x2crm 2.2

x2engine x2crm 1.2.0

x2engine x2crm 1.0.1

Exploits

Advisory ID: HTB23172
Product: X2CRM
Vendor: X2Engine Inc
Vulnerable Version(s): 341 and probably prior
Tested Version: 341
Advisory Published: September 4, 2013
Vendor Notification: September 4, 2013
Vendor Patch: September 10, 2013
Public Disclosure: September 25, 2013
Vulnerability Type: PHP File Inclusion [CWE-98], Cross-Site Scripting [CW ...
X2CRM version 341 suffers from cross site scripting and local file inclusion vulnerabilities ...