Platform
php
Component
simple-customer-relationship-management-system
Fixed in
1.0.1
CVE-2026-5325 describes a cross-site scripting (XSS) vulnerability discovered in SourceCodester Simple Customer Relationship Management System, affecting version 1.0. The flaw allows an attacker to inject malicious scripts by manipulating the Description argument handled by the /create-ticket.php file. Successful exploitation can lead to data theft and website defacement, damaging user trust and potentially enabling further compromise. A fix is pending.
The XSS vulnerability in Simple Customer Relationship Management System allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a user's browser when they visit the affected page. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the website. The impact is amplified if the application is used to store sensitive customer data, as an attacker could potentially access or modify this information. The publicly disclosed nature of this vulnerability increases the risk of exploitation.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on user data warrant immediate attention. No known active campaigns targeting this specific vulnerability have been reported at the time of writing, but the public disclosure makes it a prime candidate for opportunistic attacks. The vulnerability was published on 2026-04-02.
Organizations using Simple Customer Relationship Management System version 1.0, particularly those with publicly accessible instances or those handling sensitive customer data, are at risk. Shared hosting environments where multiple users share the same server are also at increased risk, as a compromised account could be used to exploit the vulnerability and impact other users.
• php / web:
curl -I 'http://your-target/create-ticket.php?Description=<script>alert("XSS")</script>' | grep -i 'X-Powered-By'
• generic web:
curl -s 'http://your-target/create-ticket.php?Description=<script>alert("XSS")</script>' | grep 'alert("XSS")'
Disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
Because no fixed version has been provided, immediate mitigation is crucial. Implement strict input validation and, above all, context-appropriate output encoding for the Description field in /create-ticket.php so that submitted text cannot be interpreted as script. Consider placing a Web Application Firewall (WAF) with XSS protection rules in front of the application to filter potentially harmful requests. Regularly scan the application for XSS vulnerabilities with automated tools. After applying these mitigations, thoroughly test the /create-ticket.php functionality to confirm that the validation is effective and does not break legitimate use cases.
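The following is an added PHP example, not code from the SourceCodester project, illustrating the output encoding and input validation recommended above for a free-text field such as the Description parameter. The function names render_description_unsafe, render_description and validate_description, the wrapping HTML markup and the 2000-character limit are assumptions chosen for the illustration, not values taken from the application.

```php
<?php
// Added example (hypothetical names; not the project's own code).
// Shows the unsafe reflection pattern beside the hardened form for a
// user-supplied text field like the Description argument.

declare(strict_types=1);

// Vulnerable pattern: user input is concatenated into HTML unencoded,
// so a value containing markup or <script> tags is interpreted by the browser.
function render_description_unsafe(string $description): string
{
    return '<p class="ticket-description">' . $description . '</p>';
}

// Hardened pattern: encode for the HTML text context at the point of output.
// ENT_QUOTES encodes both quote characters, so the same encoding is safe
// inside quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string; the charset is explicit.
function render_description(string $description): string
{
    $encoded = htmlspecialchars(
        $description,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<p class="ticket-description">' . $encoded . '</p>';
}

// Server-side validation before storage: enforce a length bound (2000 is an
// assumed limit), require well-formed UTF-8 and reject control characters
// other than tab, LF and CR. This is defence in depth, not a substitute
// for output encoding: ordinary text like "<b>" is valid input.
function validate_description(string $description): bool
{
    if ($description === '' || strlen($description) > 2000) {
        return false;
    }
    // preg_match with the /u modifier returns false on malformed UTF-8.
    if (preg_match('//u', $description) !== 1) {
        return false;
    }
    return preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $description) !== 1;
}

// Constructed sample input of the kind a scanner would submit.
$sample = '<script>alert("XSS")</script>';

// Unsafe rendering returns the script tag intact.
echo render_description_unsafe($sample), PHP_EOL;

// Hardened rendering returns the same text with < > " encoded as entities,
// so the browser displays it literally instead of executing it.
echo render_description($sample), PHP_EOL;

// The sample passes structural validation (it is valid text), which is
// exactly why encoding at output time must do the work.
var_dump(validate_description($sample));
var_dump(validate_description("abc\x00"));
```

Because a ticket description is stored and shown again later (ticket lists, detail views, e-mail notifications), the encoding must be applied at every place the value is rendered, and in the encoding appropriate to that context; a single filter on the way in does not cover a stored XSS.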
Update to a corrected version of the CRM system. Contact the vendor to obtain a patch or an updated version that fixes the cross-site scripting (XSS) vulnerability in the create-ticket.php file.
CVE-2026-5325 is a cross-site scripting (XSS) vulnerability in Simple Customer Relationship Management System version 1.0, allowing attackers to inject malicious scripts via the Description field in /create-ticket.php.
You are affected if you are using Simple Customer Relationship Management System version 1.0 and have not applied a patch or implemented mitigating controls.
Upgrade to a patched version of Simple Customer Relationship Management System. If a patch is unavailable, implement input validation and output encoding, and consider a WAF.
While no confirmed exploitation campaigns are currently known, the vulnerability is publicly disclosed, increasing the likelihood of exploitation.
Refer to the SourceCodester website or relevant security forums for updates and advisories regarding CVE-2026-5325.