CVE-2026-5325 MEDIUM

CVE-2026-5325: SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

Vendor Sourcecodester

Product Simple Customer Relationship Management System

Weakness CWE-79 · XSS

Published April 2, 2026

Last update April 2, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

Key dates

Disclosure timeline

April 2, 2026 CVE published

April 2, 2026 Record updated

Identifiers

CVE CVE-2026-5325

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions

Vendor Sourcecodester

Product Simple Customer Relationship Management System

Affected 1.0