CVE-2013-5693
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
Date published : 2013-09-30
http://archives.neohapsis.com/archives/bugtraq/2013-09/0117.html