CVE-2018-18417: XSS
First published: Fri Oct 19 2018(Updated: )
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Creativeitem Ekushey Project Manager | =3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-18417?
The severity of CVE-2018-18417 is medium, with a severity value of 5.4.
How does CVE-2018-18417 affect Ekushey Project Manager CRM?
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
What software versions are affected by CVE-2018-18417?
CVE-2018-18417 affects version 3.1 of Creativeitem Ekushey Project Manager CRM.
Are there any fixes available for CVE-2018-18417?
It is recommended to update to a patched version of Ekushey Project Manager CRM to fix CVE-2018-18417.
What is the CWE category of CVE-2018-18417?
CVE-2018-18417 falls under CWE category 79 (Cross-Site Scripting).
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/creativeitem
- canonical/creativeitem ekushey project manager
- version/creativeitem ekushey project manager/3.1