4 matches found
CVE-2025-40991 Stored XSS in Creativeitem Ekushey CRM
Stored cross-site scripting (XSS) vulnerability in Ekushey CRM v5.0 by Creativeitem, due to a lack of proper validation of user input via "/ekushey/index.php/client/projectfile/upload/xxxx", affecting the "description" parameter via POST. This vulnerability could allow a remote attacker to send a...
CVE-2021-32202
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page...
Code injection
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page...
CS-Cart Cross-Site Scripting Vulnerability
CS-Cart is an e-commerce platform developed from the former open source PHP. A cross-site scripting vulnerability exists in CS-Cart version 4.11.1. It stems from a lack of effective validation and escaping of user input in the post description on the blog post creation page in the software,...