{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T11:08:43.957","vulnerabilities":[{"cve":{"id":"CVE-2020-21087","sourceIdentifier":"cve@mitre.org","published":"2021-04-14T14:15:13.147","lastModified":"2024-11-21T05:12:25.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows remote attackers to execute arbitrary code by injecting arbitrary web script or HTML via the \"New Name\" field of the \"Rename a Module\" tool."},{"lang":"es","value":"Una vulnerabilidad de tipo Cross Site Scripting (XSS) en X2engine X2CRM versiones v6.9 y anteriores, permite a atacantes remotos ejecutar código arbitrario al inyectar código web o HTML arbitrario por medio del campo \"New Name\" de la herramienta \"Rename a Module\""}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x2engine:x2crm:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9","matchCriteriaId":"83D6B813-5205-4EE3-BB5D-C6BB62F18A8C"}]}]}],"references":[{"url":"https://github.com/X2Engine/X2CRM/issues/162","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/X2Engine/X2CRM/issues/162","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}