Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2025/10/06 10:8 p.m.12 views

CVE-2025-40989

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectmessage/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a speciall...

5.1CVSS6AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32102

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-32105

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32104

Malicious code in bioql PyPI...

5.1CVSS6.6AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/03 12:48 p.m.11 views

CVE-2025-40990

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...

5.1CVSS6AI score0.00193EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 11:15 a.m.3 views

CVE-2025-40991

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectfile/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2025/10/02 11:15 a.m.6 views

CVE-2025-40991

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectfile/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a...

5.4CVSS0.00193EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 11:15 a.m.6 views

CVE-2025-40990

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2025/10/02 11:15 a.m.6 views

CVE-2025-40990

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...

5.4CVSS0.00193EPSS
Exploits0References1
OSV
OSV
added 2025/10/02 11:15 a.m.3 views

CVE-2025-40989

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectmessage/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a speciall...

5.4CVSS5.8AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2025/10/02 11:15 a.m.3 views

CVE-2025-40989

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectmessage/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a speciall...

5.4CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2025/10/02 10:45 a.m.12 views

CVE-2025-40991

CVE-2025-40991 is a Stored XSS in Creativeitem Ekushey CRM v5.0. Root cause: lack of input validation in the project file upload endpoint at /ekushey/index.php/client/project_file/upload/xxxx, specifically the description parameter via POST. Impact (per sources): an attacker could craft input to ...

5.4CVSS5.7AI score0.00193EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/02 10:42 a.m.2 views

CVE-2025-40990 Stored XSS in Creativeitem Ekushey CRM

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...

5.1CVSS5.7AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2025/10/02 10:42 a.m.10 views

CVE-2025-40990

CVE-2025-40990 describes a Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 (Creativeitem) caused by insufficient validation of user inputs in the POST endpoint /ekushey/index.php/client/project_bug/create/xxx, where the vulnerable parameters are title and description. The weakness c...

5.4CVSS5.7AI score0.00193EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/10/02 10:42 a.m.10 views

CVE-2025-40990 Stored XSS in Creativeitem Ekushey CRM

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectbug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to...

5.1CVSS0.00193EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/02 10:40 a.m.8 views

CVE-2025-40989 Stored XSS in Creativeitem Ekushey CRM

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectmessage/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a speciall...

5.1CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 10:40 a.m.3 views

CVE-2025-40989 Stored XSS in Creativeitem Ekushey CRM

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectmessage/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a speciall...

5.1CVSS5.7AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.5 views

Creativeitem Ekushey CRM 跨站脚本漏洞

Creativeitem Ekushey CRM is an open source project management script from Creativeitem. A cross-site scripting vulnerability exists in Creativeitem Ekushey CRM version 5.0, which stems from a lack of user input validation and could lead to a stored cross-site scripting attack...

5.4CVSS5.9AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.6 views

Creativeitem Ekushey CRM 跨站脚本漏洞

Creativeitem Ekushey CRM is an open source project management script by Creativeitem. A cross-site scripting vulnerability exists in Creativeitem Ekushey CRM that stems from insufficient validation of user input and could lead to a stored cross-site scripting attack...

5.1CVSS5.8AI score0.00333EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.5 views

PT-2025-40338

Name of the Vulnerable Software and Affected Versions Ekushey CRM version 5.0 Description A stored cross site scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project file upload functionality via the...

5.1CVSS5.9AI score0.00193EPSS
Exploits0References6
Rows per page
Query Builder