Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40991 | 1 Creativeitem | 1 Ekushey Project Manager Crm | 2025-10-08 | N/A | 5.4 MEDIUM |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | |||||
| CVE-2025-40990 | 1 Creativeitem | 1 Ekushey Project Manager Crm | 2025-10-08 | N/A | 5.4 MEDIUM |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | |||||
| CVE-2025-40989 | 1 Creativeitem | 1 Ekushey Project Manager Crm | 2025-10-08 | N/A | 5.4 MEDIUM |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | |||||