CVE-2025-40640 | Status Tracker Energy CRM 2025 Query create_invoice_submit.php customerName_0 cross site scripting

Inserito da Angelo Barbosa | Ott 10, 2025 | CVE

A vulnerability categorized as problematic has been discovered in Status Tracker Energy CRM 2025. This affects an unknown function of the file /crm/create_invoice_submit.php of the component Query Handler. Executing manipulation of the argument customerName_0 can lead to cross site scripting.

The identification of this vulnerability is CVE-2025-40640. The attack may be launched remotely. There is no exploit available.

CVE-2025-40640 | Status Tracker Energy CRM 2025 Query create_invoice_submit.php customerName_0 cross site scripting

Post correlati

CVE-2024-12554 | Peter Custom Anti-Spam Plugin up to 3.2.3 on WordPress cas_register_post cross-site request forgery

CVE-2025-7434 | Tenda FH451 up to 1.0.0.9 POST Request /goform/addressNat fromAddressNat page stack-based overflow

CVE-2024-1439 | Moodle LMS up to 4.2 access control

CVE-2024-1622 | NLnet Labs Routinator RTR Connection incorrect check of function return value