Unrated severityNVD Advisory· Published Oct 2, 2025· Updated Oct 2, 2025
Stored XSS in Creativeitem Ekushey CRM
CVE-2025-40991
Description
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=5.0+ 1 more
- (no CPE)range: =5.0
- (no CPE)range: 5.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.