PT-2025-39817 · Unknown · Perfex Crm

Published: 2025-09-29 · Updated: 2025-09-29 · CVE-2025-10344

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Perfex CRM version 3.2.1

Description

An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the /projects/project/x API endpoint with malicious content in the name and clientid parameters.

Recommendations

Update Perfex CRM to a version with the fix for this vulnerability. As a temporary workaround, sanitize the name and clientid parameters before processing them in the /projects/project/x API endpoint.
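
One way to apply the temporary workaround above, as an added PHP example that is not Perfex CRM's code or the vendor's fix. The names validate_project_input, html_out and MAX_NAME_LEN are hypothetical, and it assumes clientid is a numeric record ID and name is plain text.

```php
<?php
declare(strict_types=1);

// Added illustration, not Perfex CRM code. Function names are hypothetical.
// Assumptions: clientid is a numeric record ID; name is plain text.
const MAX_NAME_LEN = 191; // assumed limit; match the real column size

/** Validate the two affected POST fields; returns ok flag, errors, clean values. */
function validate_project_input(array $post): array
{
    $errors = [];
    $clean  = [];

    // clientid: allow-list digits only, so markup can never pass through.
    $clientid = $post['clientid'] ?? '';
    if (is_string($clientid) && preg_match('/\A[1-9][0-9]{0,8}\z/', $clientid) === 1) {
        $clean['clientid'] = (int) $clientid;
    } else {
        $errors[] = 'clientid must be a positive integer';
    }

    // name: valid UTF-8 (the /u flag fails otherwise), no control characters,
    // bounded length. Markup is not stripped here; it is neutralised on output.
    $name = $post['name'] ?? '';
    $name = is_string($name) ? trim($name) : '';
    $pattern = '/\A[^\x00-\x1F\x7F]{1,' . MAX_NAME_LEN . '}\z/u';
    if (preg_match($pattern, $name) === 1) {
        $clean['name'] = $name;
    } else {
        $errors[] = 'name must be 1-' . MAX_NAME_LEN . ' printable characters';
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $clean];
}

/** Encode a stored value for HTML text or quoted-attribute context. */
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request body (not captured traffic).
$sample = ['name' => '<h1>Renamed</h1>', 'clientid' => '7<b>x</b>'];
$result = validate_project_input($sample);
var_dump($result['ok']);
echo implode("\n", $result['errors']), "\n";
echo html_out($result['clean']['name'] ?? ''), "\n";
```

Rejecting the request when ok is false handles clientid; name still needs html_out at every place it is rendered, since input validation alone does not make stored text safe in an HTML context.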

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-10344

Affected Products

Perfex Crm