Metrics
Affected Vendors & Products
No advisories yet.
Solution
No solution has been reported at this time.
Workaround
No workaround given by the vendor.
Thu, 23 Oct 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 23 Oct 2025 11:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | |
Title | Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: INCIBE
Published:
Updated: 2025-10-23T14:41:23.192Z
Reserved: 2025-04-16T08:38:10.820Z
Link: CVE-2025-40643

Updated: 2025-10-23T14:41:20.260Z

Status : Received
Published: 2025-10-23T11:15:31.507
Modified: 2025-10-23T11:15:31.507
Link: CVE-2025-40643

No data.

No data.