CVE-2026-5325

LOW

SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

Title source: cna

Description

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/354656

[Signature, Permissions Required] https://vuldb.com/vuln/354656/cti

[Third Party Advisory] https://vuldb.com/submit/780766

[Exploit] https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-xss-in-simple-customer-relationship-management-system-crm-php-15a904589844

[Product] https://www.sourcecodester.com/

Scores

CVSS v3 3.5

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

SourceCodester/Simple Customer Relationship Management System 1.0

Published Apr 02, 2026

Tracked Since Apr 02, 2026