X2Engine X2CRM is an application from X2Engine USA, Inc. a next-generation social selling application for small and medium-sized businesses. X2Engine X2CRM version 8.0 contains a cross-site scripting vulnerability that stems from the programβs lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to cause arbitrary code execution when a userβs browser connects to a trusted website.