PT-2025-39814 · Unknown · Perfex Crm

Published: 2025-09-29 · Updated: 2025-09-29 · CVE-2025-10341

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Perfex CRM version 3.2.1

Description

An HTML injection issue exists in Perfex CRM version 3.2.1. The issue is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the /clients/client/x endpoint with malicious content in the company parameter. This allows for stored HTML injection.

Recommendations

Apply input validation and sanitization to the company parameter in the /clients/client/x endpoint.
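
One way to apply this recommendation to a company-name field, shown as an added example that is not Perfex CRM's code or part of the original advisory. The function names, the 190-character limit and the sample values are assumptions. It validates on input and, because the injection is stored, also encodes on output so that values saved before the check existed render as text.

```php
<?php
declare(strict_types=1);

// Added example, not Perfex CRM code. Names and limits are assumptions.
// Requires the mbstring extension.

/**
 * Validate a submitted company name before it is stored.
 * Returns [true, normalizedValue] or [false, reason].
 */
function validate_company_name(string $raw): array
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return [false, 'invalid UTF-8'];
    }
    $value = trim($raw);
    $len = mb_strlen($value, 'UTF-8');
    if ($len === 0 || $len > 190) {            // assumed column limit
        return [false, 'length out of range'];
    }
    // Reject control characters and angle brackets. Characters such as
    // "&", "'" and "." occur in real company names and are kept as-is;
    // they are made safe at render time, not stripped here.
    if (preg_match('/[\p{Cc}<>]/u', $value) === 1) {
        return [false, 'disallowed character'];
    }
    return [true, $value];
}

/** Encode a stored company name for an HTML text or attribute context. */
function render_company_name(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = ['Johnson & Sons Ltd.', "O'Neil Consulting", '<h1>Acme</h1>', "Acme\x07Corp"];

foreach ($samples as $raw) {
    [$ok, $result] = validate_company_name($raw);
    printf("%-26s %s\n", json_encode($raw), $ok ? 'accepted' : "rejected: $result");
}

// A value stored before validation existed still renders as inert text.
echo render_company_name('<h1>Acme</h1> & "Co"'), "\n";
```

Encoding belongs at every place the company name is written into HTML (client portal, admin views, e-mail templates), since input validation alone does not cover records that are already in the database.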

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-10341

Affected Products

Perfex Crm