Stored XSS in Ekushey Project Manager CRM Version 3.1 by Ekushey Technologies
CVE-2018-18417
5.4MEDIUM
What is CVE-2018-18417?
A Stored Cross-Site Scripting (XSS) vulnerability exists in Ekushey Project Manager CRM version 3.1, specifically within the input and upload functionalities. This flaw allows attackers to inject malicious scripts via the name parameter in the index.php/admin/client/create URI, potentially compromising user data and session integrity. Proper validation and sanitization of user inputs are essential to defend against such attacks.