CVE-2022-48177
MEDIUM
X2engine X2crm - XSS
Title source: ruleDescription
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
Exploits (1)
Scores
CVSS v3
5.4
EPSS
0.0252
EPSS Percentile
85.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
x2engine/x2crm
6.6
x2engine/x2crm
6.9
Published
Apr 15, 2023
Tracked Since
Feb 18, 2026