Skip to content

Multiple Cross Site Scripting in X2CRM 7.1 #183

Description

@Hades484

Hi,

I have found the multiple stored XSS in the X2crm version 7.1. I like to report them and get the CVE.

Location: http://localhost/x2crm/x2engine/index.php/contacts/create
Parameter: Last Name
Payload inserted
1
Execution of the payload
2

Location: http://localhost/x2crm/x2engine/index.php//profile/activity
Parameter: comments
payload inserted
1
Execution of the payload
2

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions