Lucene search

[email protected]CVE-2022-48177

HistoryApr 15, 2023 - 1:15 a.m.

CVE-2022-48177

2023-04-1501:15:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-48177

x2crm

open source

sales crm

reflected xss

vulnerability

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

34.6%

JSON

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user’s browser.

Affected configurations

NVD

Node

x2crmx2crmMatch6.6

x2crmx2crmMatch6.9

CPENameOperatorVersion
x2crm:x2crmx2crmeq6.6
x2crm:x2crmx2crmeq6.9

CPE	Name	Operator	Version
x2crm:x2crm	x2crm	eq	6.6
x2crm:x2crm	x2crm	eq	6.9

References

packetstormsecurity.com/files/171792/X2CRM-6.6-6.9-Cross-Site-Scripting.html

sourceforge.net/projects/x2engine/