Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8867 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-17 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | |||||
CVE-2024-44851 | 1 Perfexcrm | 1 Perfex Crm | 2024-09-13 | N/A | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter. | |||||
CVE-2021-40303 | 1 Perfexcrm | 1 Perfex Crm | 2024-02-28 | N/A | 5.4 MEDIUM |
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. | |||||
CVE-2020-28961 | 1 Perfexcrm | 1 Perfex Crm | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter. | |||||
CVE-2017-17976 | 1 Perfexcrm | 1 Perfex Crm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. |