Energy Crm

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-40646 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

XSS PHP Energy Crm

NVD

CVSS 3.1

5.4

EPSS

0.0%

CVE-2025-40646

EPSS 0% CVSS 5.4

MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

XSS PHP Energy Crm

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy