PT-2021-10585 · X2Engine · X2Crm
Published: 2021-04-14 · Updated: 2021-04-16 · CVE-2020-21087
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
X2Engine X2CRM versions prior to 6.9
Description:
The issue allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the New Name field of the Rename a Module tool. This is a Cross-Site Scripting (XSS) issue.
Recommendations:
For versions prior to 6.9, update to a version newer than 6.9 to resolve the issue. As a temporary workaround, consider restricting access to the Rename a Module tool to minimize the risk of exploitation. Avoid using the New Name field in the affected tool until the issue is resolved.
Exploit
Fix
XSS
Affected Products
X2Crm