CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Energycrm: >> Energy Crm >> 2025 Security Vulnerabilities

CVE-2025-40643

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

CVSS Score

5.4

EPSS Score

0.0

Published

2025-10-23

Page 1

Vulnerabilities

Vulnerable Software

Energycrm: >> Energy Crm >> 2025 Security Vulnerabilities

Products

Pricing

Contact Us