Vulnerabilities (CVE)

Filtered by vendor Perfexcrm Subscribe
Filtered by product Perfex Crm
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-8867 1 Perfexcrm 1 Perfex Crm 2024-09-17 4.0 MEDIUM 5.4 MEDIUM
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVE-2024-44851 1 Perfexcrm 1 Perfex Crm 2024-09-13 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVE-2021-40303 1 Perfexcrm 1 Perfex Crm 2024-02-28 N/A 5.4 MEDIUM
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
CVE-2020-28961 1 Perfexcrm 1 Perfex Crm 2024-02-28 3.5 LOW 5.4 MEDIUM
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
CVE-2017-17976 1 Perfexcrm 1 Perfex Crm 2024-02-28 7.5 HIGH 9.8 CRITICAL
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.