CVE-2013-5693
X2Engine X2CRM < 3.5 - Cross-Site Scripting via Model Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-5693. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The advisory details two vulnerabilities in X2CRM: a PHP file inclusion vulnerability (CVE-2013-5692) allowing arbitrary local file inclusion via the 'file' parameter, and a cross-site scripting (XSS) vulnerability (CVE-2013-5693) via the 'model' parameter. Both require administrative privileges or CSRF exploitation.
Description
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
Exploits (1)
The advisory details two vulnerabilities in X2CRM: a PHP file inclusion vulnerability (CVE-2013-5692) allowing arbitrary local file inclusion via the 'file' parameter, and a cross-site scripting (XSS) vulnerability (CVE-2013-5693) via the 'model' parameter. Both require administrative privileges or CSRF exploitation.