Vulnerabilities (CVE)

Filtered by vendor Creativeitem Subscribe
Filtered by product Ekushey Project Manager
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3754 1 Creativeitem 1 Ekushey Project Manager 2024-11-21 4.0 MEDIUM 3.5 LOW
A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash]. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-234426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2018-18417 1 Creativeitem 1 Ekushey Project Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.