CVE-2024-8867

Name of the Vulnerable Software and Affected Versions: Perfex CRM version 3.1.6

Description: A problem exists in the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the message argument leads to cross-site scripting. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue.

Recommendations: For Perfex CRM version 3.1.6, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the vulnerable message parameter in the affected API endpoint until a patch is available.