«Ekushey Project Manager CRM» have no input field filtering, so you can post any payload u want on almost each page with input field on it.
PoC: go to the authors demo website http://creativeitem.com/demo/ekushey/index.php/login and log in as admin and then go to the «System Settings» page ( http://creativeitem.com/demo/ekushey/index.php/admin/system_settings ). Most usefull fields is «System Name», «System Title» and «Address», test any payload u want, f.e.: "><script>alert(1)</script> or "><img src="x" onerror="window.location.replace('https://cxsecurity.com/');"> - all this stuff will work. The whole project is vunnerable to Stored XSS attacks, so you can save your payloads on almost each page with input field on it: «Manage Client», «Manage Project», «Running Team Tasks», etc. etc.