Multiple Cross Site Scripting in X2CRM 7.1

Hi,

I have found the multiple stored XSS in the X2crm version 7.1. I like to report them and get the CVE. 

Location: http://localhost/x2crm/x2engine/index.php/contacts/create
Parameter: Last Name
Payload inserted 
![1](https://user-images.githubusercontent.com/78723738/107608036-c6a08180-6c60-11eb-8cd0-98518fa1de8e.png)
Execution of the payload
![2](https://user-images.githubusercontent.com/78723738/107608058-da4be800-6c60-11eb-8d40-cd80dd9d96fc.png)

Location: http://localhost/x2crm/x2engine/index.php//profile/activity
Parameter: comments
payload inserted
![1](https://user-images.githubusercontent.com/78723738/107608122-0bc4b380-6c61-11eb-925a-f2b95c32531c.png)
Execution of the payload
![2](https://user-images.githubusercontent.com/78723738/107608129-141cee80-6c61-11eb-9167-e8cebaa28d6a.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Multiple Cross Site Scripting in X2CRM 7.1 #183

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Multiple Cross Site Scripting in X2CRM 7.1 #183

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions