CVE-2025-60374

Name of the Vulnerable Software and Affected Versions Perfex CRM versions prior to 3.3.1

Description A stored Cross-Site Scripting (XSS) issue exists in the Perfex CRM chatbot. This allows attackers to inject arbitrary HTML or JavaScript code. When a user views the chat, the injected code is executed in their browser, potentially leading to client-side code execution and session token theft. This is a distinct issue from CVE-2024-8867.

Recommendations Update Perfex CRM to version 3.3.1 or later.