CVE-2020-21088

Published: 2021-04-14T14:15Z

Last Modified: 2024-11-21T05:12Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page" > MITRE Terms of Use apply – see LICENSE‑MITRE.txt