Lucene search
K

17 matches found

OSV
OSV
added 2025/10/23 11:15 a.m.6 views

CVE-2025-40643

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

5.4CVSS5.9AI score0.00189EPSS
Exploits0References1
NVD
NVD
added 2025/10/23 11:15 a.m.17 views

CVE-2025-40643

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

5.4CVSS0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 10:46 a.m.6 views

EUVD-2025-35664

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

5.1CVSS4.4AI score0.00189EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/23 10:46 a.m.10 views

CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

5.1CVSS0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/23 10:46 a.m.5 views

CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

5.1CVSS4.5AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2025/10/23 10:46 a.m.15 views

CVE-2025-40643

Energy CRM v2025 by Status Tracker Ltd contains a Stored XSS in the /crm/create_job_submit.php endpoint via the JobCreatedBy input. The lack of proper validation allows an attacker to craft a request that could be stored and later executed in an authenticated user’s browser, potentially exposing ...

5.4CVSS4.5AI score0.00189EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.7 views

Energy CRM 跨站脚本漏洞

Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient validation of user input for the parameter JobCreatedBy in the file /crm/createjobsubmit.php, which could lead to a stored...

5.4CVSS5.9AI score0.00189EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/11 8:26 a.m.7 views

CVE-2025-40640

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.1CVSS4.8AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2025/10/10 9:15 a.m.4 views

CVE-2025-40640

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2025/10/10 9:15 a.m.8 views

CVE-2025-40640

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.4CVSS0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/10 8:19 a.m.10 views

CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.1CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 8:19 a.m.6 views

CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createinvoicesubmit.php”, using the “customerName0” parameter. This vulnerability could allow a...

5.1CVSS4.5AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2025/10/10 8:19 a.m.15 views

CVE-2025-40640

Energy CRM v2025 (Status Tracker Ltd) contains a stored Cross-Site Scripting (XSS) flaw exploitable via a POST to /crm/create_invoice_submit.php using the customerName_0 parameter. Lack of input validation allows a remote attacker to craft a query that could be processed by an authenticated user,...

5.4CVSS4.5AI score0.00193EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.8 views

PT-2025-41534

Name of the Vulnerable Software and Affected Versions Energy CRM version 2025 Description A stored Cross-Site Scripting XSS issue exists due to insufficient validation of user-supplied data. A remote user can potentially send a malicious query to an authenticated user, potentially leading to the...

5.1CVSS5.7AI score0.00193EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.4 views

Energy CRM 跨站脚本漏洞

Energy CRM is an enterprise resource management system from Energy UK. A cross-site scripting vulnerability exists in Energy CRM version v2025, which stems from insufficient input validation of the parameter customerName0 in the file /crm/createinvoicesubmit.php, which could lead to a stored...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/06 9:5 p.m.5 views

CVE-2025-40646

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

5.1CVSS4.8AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 10:15 a.m.5 views

CVE-2025-40646

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References1
Rows per page
Query Builder