CVE-2018-18417

medium

Description

Ekushey Project Manager CRM 3.1 contains a stored XSS vulnerability in its input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.

References

https://www.exploit-db.com/exploits/45681/

http://packetstormsecurity.com/files/149842/Ekushey-Project-Manager-CRM-3.1-Cross-Site-Scripting.html

Details

Source: Mitre, NVD

Published: 2018-10-19

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00224