PT-2025-41594 · Unknown · Perfex Crm
Ajansha +1 · Published 2025-10-10 · Updated 2025-10-10 · CVE-2025-55903
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Perfex CRM version 3.3.1
Description
The application does not properly sanitize user input in the "Bill To" address field of the estimate module. Arbitrary HTML injected through this field is rendered without escaping in client-facing documents.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing user input for the "Bill To" address field within the estimate module.
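As an added illustration of the workaround, not code from Perfex CRM or from this advisory: the PHP below renders a multi-line address field with and without output encoding. The function names, the `bill-to` class and the sample addresses are hypothetical and constructed for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: Perfex CRM's own rendering code is not shown on the page.

/** Unsafe pattern: the stored value reaches the document as markup. */
function render_bill_to_unescaped(string $address): string
{
    return '<div class="bill-to">' . nl2br($address, false) . '</div>';
}

/** Hardened pattern: encode for the HTML context first, then add line breaks. */
function render_bill_to_escaped(string $address): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $encoded = htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // nl2br() runs after encoding so its <br> tags are the only markup emitted.
    return '<div class="bill-to">' . nl2br($encoded, false) . '</div>';
}

/** Input-side check for the temporary workaround: flag values that contain tags. */
function bill_to_contains_markup(string $address): bool
{
    return $address !== strip_tags($address);
}

// Constructed sample inputs.
$samples = [
    "Acme Ltd\n1 Main St\nSpringfield",          // plain address
    "Acme Ltd\n<h1>Notice</h1>\n1 Main St",      // address carrying HTML
    "Smith & Sons <billing dept>\n2 High St",    // legitimate text with < and &
];

foreach ($samples as $s) {
    echo 'input:     ', json_encode($s), "\n";
    echo 'unescaped: ', render_bill_to_unescaped($s), "\n";
    echo 'escaped:   ', render_bill_to_escaped($s), "\n";
    echo 'markup?    ', bill_to_contains_markup($s) ? 'yes' : 'no', "\n\n";
}
```

The third sample is flagged by the tag check even though it is ordinary text, which is why encoding at output is the more reliable control and input filtering is only a stopgap.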
Weakness Enumeration
Improper Encoding or Escaping of Output
Related Identifiers
Affected Products
Perfex Crm