CVE-2021-33853 - AskarLabs CVE Database

CVE-2021-33853

Vendor N/A

Product X2CRM

Weakness CWE-79 · XSS

Published March 16, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.

Key dates

02Disclosure timeline

March 16, 2022 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-33853 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-4116 PHP Jabbers Taxi Booking index.php cross site scripting CVE-2026-6646 The7 <= 14.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode 'link' Parameter CVE-2025-1332 FastCMS Template Menu menu cross site scripting CVE-2023-5743 Telephone Number Linker <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-10851 Razorpay Payment Button <= 2.4.6 - Reflected Cross-Site Scripting