PT-2025-39818 · Unknown · Perfex CRM

Published 2025-09-29 · Updated 2025-09-29 · CVE-2025-10345

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Perfex CRM version 3.2.1

Description

An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. The issue occurs when sending a POST request to the /admin/leads/lead endpoint with malicious HTML code in the name and address parameters. This allows for stored HTML injection.

Recommendations

Apply appropriate input validation and sanitization to the name and address parameters in the /admin/leads/lead endpoint.
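
One way to apply this recommendation, as an added example that is not Perfex CRM's own code: a hypothetical validate_lead_field() rejects markup and control characters in the name and address values when a lead is submitted, and a hypothetical e() encodes stored values when they are rendered. The length limits and the sample request data are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not Perfex CRM code. The field names "name" and "address"
// come from the advisory; helper names and length limits are assumptions.

/** Input-time check: accept only a bounded, valid UTF-8 string without markup. */
function validate_lead_field($value, int $maxLen): string
{
    // POST parameters can arrive as arrays (name[]=...), so check the type first.
    if (!is_string($value) || !mb_check_encoding($value, 'UTF-8')) {
        throw new InvalidArgumentException('not a valid UTF-8 string');
    }
    $value = trim($value);
    if ($value === '' || mb_strlen($value, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException('length out of range');
    }
    // Reject angle brackets and control characters; tab, LF and CR stay
    // allowed so multi-line addresses still pass.
    if (preg_match('/[<>\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', $value) === 1) {
        throw new InvalidArgumentException('disallowed characters');
    }
    return $value;
}

/** Output-time encoding: stored values are rendered as text, never as HTML. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample request body.
$post = [
    'name'    => '<b>Acme</b> Ltd',
    'address' => "1 Main St\nSpringfield",
];

foreach (['name' => 191, 'address' => 500] as $field => $maxLen) {
    $raw = $post[$field] ?? '';
    try {
        $clean = validate_lead_field($raw, $maxLen);
        echo $field, ' accepted, rendered as: ', e($clean), PHP_EOL;
    } catch (InvalidArgumentException $ex) {
        // A rejected value is still encoded before it is echoed back.
        echo $field, ' rejected (', $ex->getMessage(), '): ', e(is_string($raw) ? $raw : ''), PHP_EOL;
    }
}
```

Input validation only covers new submissions; encoding at output is what neutralizes values that were stored before the check existed.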

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-10345

Affected Products

Perfex CRM