Vulnerabilities (CVE)

8 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-5076 1 X2engine 1 X2crm 2018-10-09 4.3
Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in...
CVE-2015-5075 1 X2engine 1 X2crm 2018-10-09 6.8
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
CVE-2015-5074 1 X2engine 1 X2crm 2018-10-09 7.5
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht...
CVE-2014-5298 1 X2engine 1 X2engine 2018-10-09 5.0
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable...
CVE-2014-5297 1 X2engine 1 X2engine 2018-10-09 7.5
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the...
CVE-2014-2664 1 X2engine 1 X2crm 2017-11-08 6.5
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an...
CVE-2013-5693 1 X2engine 1 X2crm 2013-10-11 4.3
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
CVE-2013-5692 1 X2engine 1 X2crm 2013-10-01 8.5
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.