PT-2025-39816 · Unknown · Perfex Crm

Published: 2025-09-29 · Updated: 2025-09-29 · CVE-2025-10343

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Perfex CRM version 3.2.1

Description

An HTML injection issue exists in Perfex CRM version 3.2.1. The issue is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the /expenses/expense API endpoint with malicious content in the expense name parameter. This allows for stored HTML injection.

Recommendations

Apply input validation and sanitization to the expense name parameter in the /expenses/expense API endpoint.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-10343

Affected Products

Perfex Crm