Perfexcrm

Perfex Crm

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-10345

  • EPSS 0.02%
  • Veröffentlicht 29.09.2025 09:15:35
  • Zuletzt bearbeitet 02.10.2025 19:47:33

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'.

6.1

CVE-2025-10346

  • EPSS 0.02%
  • Veröffentlicht 29.09.2025 09:15:35
  • Zuletzt bearbeitet 02.10.2025 19:45:36

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_base/article'.

6.1

CVE-2025-10342

  • EPSS 0.02%
  • Veröffentlicht 29.09.2025 09:15:34
  • Zuletzt bearbeitet 02.10.2025 19:48:32

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'.

6.1

CVE-2025-10343

  • EPSS 0.02%
  • Veröffentlicht 29.09.2025 09:15:34
  • Zuletzt bearbeitet 02.10.2025 19:47:50

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'.

6.1

CVE-2025-10344

  • EPSS 0.02%
  • Veröffentlicht 29.09.2025 09:15:34
  • Zuletzt bearbeitet 02.10.2025 19:47:43

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'.

6.1

CVE-2025-10341

  • EPSS 0.02%
  • Veröffentlicht 29.09.2025 09:15:33
  • Zuletzt bearbeitet 02.10.2025 19:48:57

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x.

5.4

CVE-2025-3219

Exploit
  • EPSS 0.15%
  • Veröffentlicht 04.04.2025 07:31:05
  • Zuletzt bearbeitet 02.10.2025 15:35:11

A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument descr...

5.4

CVE-2025-2974

Exploit
  • EPSS 0.15%
  • Veröffentlicht 31.03.2025 04:15:17
  • Zuletzt bearbeitet 02.10.2025 15:36:16

A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site ...

5.4

CVE-2024-8867

Exploit
  • EPSS 0.18%
  • Veröffentlicht 15.09.2024 03:15:01
  • Zuletzt bearbeitet 17.09.2024 10:55:05

A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message l...

5.4

CVE-2024-44851

Exploit
  • EPSS 0.12%
  • Veröffentlicht 11.09.2024 16:15:06
  • Zuletzt bearbeitet 13.09.2024 16:34:45

A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.