CVE-2026-4165 | Worksuite HR, CRM and Project Management up to 5.5.25 /account/orders/create Client Note cross site scripting

Inserito da Angelo Barbosa | Mar 14, 2026 | CVE

A vulnerability was found in Worksuite HR, CRM and Project Management up to 5.5.25. It has been rated as problematic. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argument Client Note leads to cross site scripting.

This vulnerability is documented as CVE-2026-4165. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-4165 | Worksuite HR, CRM and Project Management up to 5.5.25 /account/orders/create Client Note cross site scripting

Post correlati

CVE-2025-47151 | Entr’ouvert Lasso 2.5.1/2.8.2 SAML Response lasso_node_impl_init_from_xml type confusion (TALOS-2025-2193)

CVE-2024-48786 | SwitchBot com.theswitchbot.switchbot 5.0.4 Firmware Update information disclosure

CVE-2023-38827 | Follet School Solutions Destiny 20_0_1_AU4 presentonesearchresultsform.do cross site scripting

CVE-2025-0299 | code-projects Online Book Shop 1.0 /search_result.php sql injection