CVE-2020-28961

Name of the Vulnerable Software and Affected Versions: Perfex CRM version 2.4.4

Description: A stored cross-site scripting (XSS) issue was found in the ./clients/client component of Perfex CRM, specifically via the company name parameter. This allows for malicious script execution when the parameter is processed.

Recommendations: For Perfex CRM version 2.4.4, avoid using the company name parameter in the ./clients/client component until a fix is available. As a temporary workaround, consider restricting access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.