CVE-2025-40646

CVE-2025-40646 describes a Stored Cross-Site Scripting (XSS) in Energy CRM v2025 by Status Tracker Ltd. The vulnerability arises from insufficient validation of user input in a POST to /crm/create_job_submit.php, using the JobCreatedBy parameter. An attacker could craft a request that, when viewe...