Perfexcrm: >> Perfex Crm Security Vulnerabilities
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVSS Score
3.5
EPSS Score
0.0
Published
2024-09-15
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-09-11
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-08
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-22
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.173
Published
2018-01-26