Creativeitem Ekushey Crm vulnerabilities
3 known vulnerabilities affecting creativeitem/ekushey_crm.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-40991P4MEDIUMCVSS 5.4v5.02025-10-02
CVE-2025-40991 [MEDIUM] CWE-79 CVE-2025-40991: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and stea
nvd
CVE-2025-40990P4MEDIUMCVSS 5.4v5.02025-10-02
CVE-2025-40990 [MEDIUM] CWE-79 CVE-2025-40990: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated us
nvd
CVE-2025-40989P4MEDIUMCVSS 5.4v5.02025-10-02
CVE-2025-40989 [MEDIUM] CWE-79 CVE-2025-40989: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his
nvd