Posted by Portcullis Advisories on Sep 25

Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine
CVE: CVE-2015-5076
Vendor: X2Engine Inc.
Product: X2Engine
Affected version: 4.2
Fixed version: 5.2
Reported by: Simone Quatrini
Details:

It was discovered that the web application was vulnerable to reflective Cross-Site Scripting where user supplied data
is used to generate the subsequent response. This is a normal feature of many applications, however, in this instance
the…