CVE-2022-48177
- Source
- https://cve.org/CVERecord?id=CVE-2022-48177
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48177.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48177
- Published
- 2023-04-15T01:15:06.867Z
- Modified
- 2026-04-10T04:53:01.349556Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
- References
Affected packages
Git / github.com/x2engine/x2crm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/x2engine/x2crm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "6.6" }, { "introduced": "0" }, { "last_affected": "6.9" } ] }
Affected versions
0.*
0.9.10
0.9.10.1
1.*
1.0
1.0.1
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.3
1.4
1.5
1.6
1.6.1
1.6.5
1.6.5.1
1.6.6
2.*
2.0
2.1
2.1.1
2.2
2.2.1
2.5
2.5.2
2.7
2.7.1
2.7.2
2.8
2.8.1
2.9
2.9.1
3.*
3.0
3.0.1
3.0.2
3.1
3.1.1
3.1.2
3.2
3.3
3.3.1
3.3.2
3.4
3.4.1
3.5
3.5.1
3.5.2
3.5.5
3.5.6
3.6
3.6.1
3.6.2
3.6.3
3.7
3.7.1
3.7.2
3.7.3
3.7.3b
3.7.4
3.7.5
4.*
4.0
4.0.2
4.1
4.1.1
4.1.2
4.1.2b
4.1.3
4.1.4
4.1.4b
4.1.5
4.1.6
4.1.6b
4.1.6b2
4.1.7
4.2
4.2b
4.3
4.3b
5.*
5.0.2
5.0.3
5.0.3b
5.0.4
5.0.5
5.0.5b
5.0.6
5.0.7
5.0.8
5.0.9
5.0b
5.2
5.2.1
5.3
5.3.1
5.4
5.4.1
5.4.2
5.4.3
5.5
6.*
6.0
6.0.1
6.0.4
6.5
6.5.2
6.6
6.9