PT-2024-32995 · X2Crm · X2Crm

Okan Kurtuluş

·

Published

2024-10-14

·

Updated

2024-10-29

·

CVE-2024-48120

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions X2CRM version 8.5
Description The issue is a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the Name field when creating a list.
Recommendations For X2CRM version 8.5, as a temporary workaround, consider restricting access to the "Opportunities" module to minimize the risk of exploitation. Avoid using the Name field in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-48120

Affected Products

X2Crm