CVE-2020-21087

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-21087

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21087.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-21087

Published

2021-04-14T14:15:13Z

Modified

2024-11-21T05:12:25Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the "New Name" field of the "Rename a Module" tool.

References

https://github.com/X2Engine/X2CRM/issues/162

Affected packages

Git / github.com/x2engine/x2crm

Affected ranges

Type: GIT
Repo: https://github.com/x2engine/x2crm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

76d58e6c7e526579dac46de17ca912824a2d3adf