Perfex Crm

perfex_crm

Vendor: Perfexcrm • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-10346 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 29, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_b...Show more HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_base/article'.Show less
CVE-2025-10345 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 29, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'a...Show more HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'.Show less
CVE-2025-10344 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 29, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '...Show more HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'.Show less
CVE-2025-10343 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 29, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expense...Show more HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'.Show less
CVE-2025-10342 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 29, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/c...Show more HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'.Show less
CVE-2025-10341 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 29, 2025 5.3 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/clie...Show more HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x.Show less
CVE-2025-3219 1Perfexcrm 1Perfex Crm Jun 17, 2026 Apr 4, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The mani...Show more A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2974 1Perfexcrm 1Perfex Crm Jun 17, 2026 Mar 31, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argumen...Show more A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-8867 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 15, 2024 5.3 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipula...Show more A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.Show less
CVE-2024-44851 1Perfexcrm 1Perfex Crm Jun 17, 2026 Sep 11, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVE-2021-40303 1Perfexcrm 1Perfex Crm Jun 17, 2026 Nov 8, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
CVE-2020-28961 1Perfexcrm 1Perfex Crm Jun 17, 2026 Oct 22, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
CVE-2017-17976 1Perfexcrm 1Perfex Crm Nov 21, 2024 Jan 26, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.