CNNVD-202510-3264 Information

CNNVD ID

CNNVD-202510-3264

Related CVE

CVE-2025-40643

• CNNVD Published: 2025-10-23

Description (Chinese)

Energy CRM是英国Energy公司的一个企业资源管理系统。 Energy CRM v2025版本存在跨站脚本漏洞，该漏洞源于对文件/crm/create_job_submit.php中参数JobCreatedBy的用户输入验证不足，可能导致存储型跨站脚本攻击。

Description (English)

Energoprojekt CRM is an enterprise resource management system (ERPS) of the British company Energoprojekt. The Energy CRM v2025 version has a cross-site script loophole that results from insufficient user input verification of the argument JobCreatedBy in file/crm/create job submit.php, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Energy

Published

2025-10-23

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-energy-crm-status-tracker