Cross Site Scripting Vulnerability in SourceCodester CRM
CVE-2026-5325

5.1 MEDIUM

What is CVE-2026-5325?

A vulnerability has been identified in SourceCodester Simple Customer Relationship Management System 1.0. It arises from inadequate handling of the Description argument in the /create-ticket.php file of the Create Ticket component, which allows Cross Site Scripting (XSS). The attack can be carried out remotely, and details of its exploitation have been publicly disclosed, exposing users to potential security risks.

Affected Version(s)

Simple Customer Relationship Management System 1.0

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hemant Raj Bhati (VulDB User)