Lucene search
HistoryApr 15, 2023 - 1:15 a.m.
CVE-2022-48178
cve-2022-48178
x2crm
open source
sales crm
xss
vulnerability
stored xss
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
34.6%
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.
Affected configurations
Node
x2crmx2crmMatch6.6
ORx2crmx2crmMatch6.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| x2crm:x2crm | x2crm | eq | 6.6 |
| x2crm:x2crm | x2crm | eq | 6.9 |
Related
nvd
nvd
CVE-2022-48178
2023-04-15 01:15:06
zdt
zdt
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (Authenticated) Vulnerability
2023-04-08 00:00:00
prion
prion
Cross site scripting
2023-04-15 01:15:00
cvelist
cvelist
CVE-2022-48178
2023-04-15 00:00:00
exploitdb
exploitdb
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
2023-04-08 00:00:00
packetstorm
packetstorm
X2CRM 6.6 / 6.9 Cross Site Scripting
2023-04-10 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
34.6%
Related for CVE-2022-48178