Security Advisory

CVE-2025-40991

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-02 10:45:42

Last updated 2025-10-02 15:53:10

Assigner INCIBE

State PUBLISHED

Description

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.

← Browse all CVEs View on cve.org ↗