CVE-2021-40303

Name of the Vulnerable Software and Affected Versions perfex crm version 1.10

Description The issue is related to Cross Site Scripting (XSS) that can be exploited via the "/clients/profile" API endpoint. This allows for potential malicious script injection.

Recommendations For perfex crm version 1.10, as a temporary workaround, consider restricting access to the "/clients/profile" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.