CVE-2020-21088

Name of the Vulnerable Software and Affected Versions: X2engine X2CRM versions prior to 7.1

Description: The issue allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the First Name and Last Name fields in the "/index.php/contacts/create" page. This is a Cross Site Scripting (XSS) issue.

Recommendations: For versions prior to 7.1, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting input for the First Name and Last Name fields to minimize the risk of arbitrary script injection.