X2CRM Open Source Sales CRM 6.6 and 6.9 exists to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows malicious users to create malicious JavaScript that will be executed by the victim user's browser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x2crm x2crm 6.9 |
||
x2crm x2crm 6.6 |