Every CVE whose affected-product data names X2engine X2crm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2014-2664 — CVSS 8.8 (high): Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in…
CVE-2013-5692 — CVSS 8.5 (high): Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary…
CVE-2015-5074 — CVSS 7.5 (high): Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM…
CVE-2015-5075 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of…
CVE-2020-21087 — CVSS 6.1 (medium): Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web…
CVE-2021-27288 — CVSS 6.1 (medium): Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script…
CVE-2021-33853 — CVSS 5.4 (medium): A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a…
CVE-2024-48120 — CVSS 5.4 (medium): X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript…
CVE-2022-48177 — CVSS 5.4 (medium): X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the…
CVE-2022-48178 — CVSS 5.4 (medium): X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action…
CVE-2020-21088 — CVSS 4.8 (medium): Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary…
CVE-2015-5076 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or…
CVE-2013-5693 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via…