
exploitDog

CVE-2025-40989

Published: 02 Oct 2025
Source: nvd
CVSS3: 5.4
EPSS: Low

Description

Stored Cross-Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to a lack of proper validation of user input via "/ekushey/index.php/client/project_message/add/xxx", affecting the "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookie details.

Vulnerable configurations

Configuration 1
cpe:2.3:a:creativeitem:ekushey_project_manager_crm:5.0:*:*:*:*:*:*:*

EPSS

Percentile: 22%
0.00072
Low

5.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
github
4 months ago

Stored Cross-Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to a lack of proper validation of user input via "/ekushey/index.php/client/project_message/add/xxx", affecting the "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookie details.
