
Creativeitem Ekushey Project Manager Crm vulnerabilities

4 known vulnerabilities affecting creativeitem/ekushey_project_manager_crm.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4

Vulnerabilities

CVE-2023-3754 | P4 | MEDIUM | CVSS 6.1 | v5.0 | 2023-07-19
CWE-79: A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash]. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-234426 is
Source: nvd

CVE-2025-40991 | P4 | MEDIUM | CVSS 5.4 | v5.0 | 2025-10-02
CWE-79: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and stea
Source: nvd

CVE-2025-40990 | P4 | MEDIUM | CVSS 5.4 | v5.0 | 2025-10-02
CWE-79: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated us
Source: nvd

CVE-2025-40989 | P4 | MEDIUM | CVSS 5.4 | v5.0 | 2025-10-02
CWE-79: Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his
Source: nvd