CVE-2020-21088

Severity CVSS v4.0: Pending analysis
Type: CWE-79 Cross-Site Scripting (XSS)
Publication date: 14/04/2021
Last modified: 21/04/2021

Description

Cross-Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in the "/index.php/contacts/create" page.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:* |  | 7.1 (including)