cbcvebase.

Creativeitem Ekushey Crm vulnerabilities

3 known vulnerabilities affecting creativeitem/ekushey_crm.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-40991P4MEDIUMCVSS 5.4v5.02025-10-02
CVE-2025-40991 [MEDIUM] CWE-79 CVE-2025-40991: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and stea
nvd
CVE-2025-40990P4MEDIUMCVSS 5.4v5.02025-10-02
CVE-2025-40990 [MEDIUM] CWE-79 CVE-2025-40990: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated us
nvd
CVE-2025-40989P4MEDIUMCVSS 5.4v5.02025-10-02
CVE-2025-40989 [MEDIUM] CWE-79 CVE-2025-40989: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his
nvd
Creativeitem Ekushey Crm vulnerabilities | cvebase