Security Advisory
CVE-2021-27288
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page.