ReportizFlow
Filtered by vendor Perfexcrm
Subscriptions
Filtered by product Perfex Crm
Subscriptions
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10341 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x. | ||||
| CVE-2025-10342 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'. | ||||
| CVE-2025-10343 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'. | ||||
| CVE-2025-10344 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'. | ||||
| CVE-2025-10345 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'. | ||||
| CVE-2025-10346 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 6.1 Medium |
| HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_base/article'. | ||||
| CVE-2025-2974 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 3.5 Low |
| A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3219 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 3.5 Low |
| A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-40303 | 1 Perfexcrm | 1 Perfex Crm | 2025-05-01 | 5.4 Medium |
| perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. | ||||
| CVE-2020-28961 | 1 Perfexcrm | 1 Perfex Crm | 2024-11-21 | 5.4 Medium |
| Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter. | ||||
| CVE-2017-17976 | 1 Perfexcrm | 1 Perfex Crm | 2024-11-21 | N/A |
| In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. | ||||
| CVE-2024-8867 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-17 | 3.5 Low |
| A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-44851 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-13 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | ||||
Page 1 of 1.