Unrated severityNVD Advisory· Published Oct 2, 2025· Updated Oct 2, 2025
Stored XSS in Creativeitem Ekushey CRM
CVE-2025-40990
Description
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 5.0+ 1 more
- (no CPE)range: = 5.0
- (no CPE)range: 5.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.