Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2024-48120

Disclosure Date: October 14, 2024 (last updated October 30, 2024)
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0