CVE-2022-48178

Name of the Vulnerable Software and Affected Versions X2CRM Open Source Sales CRM versions 6.6 through 6.9

Description A stored cross-site scripting (XSS) issue was found in the Create Action function, specifically via the "index.php/actions/update" URI. This allows for potential malicious script execution.

Recommendations For versions 6.6 through 6.9, consider disabling the Create Action function until a patch is available. Restrict access to the "index.php/actions/update" URI to minimize the risk of exploitation. Avoid using the Create Action function in affected versions to prevent potential XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.