CNNVD-202509-4409 Information
Sep 29, 2025
cve
CNNVD ID
CNNVD-202509-4409
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Perfex CRM是Perfex CRM开源的一款客户关系管理软件。用于在云中管理客户、项目和创建发票。 Perfex CRM 3.2.1版本存在跨站脚本漏洞,该漏洞源于对knowledge_base/article端点中subject参数的用户输入验证不足,可能导致存储型HTML注入。
Description (English)
Perfex CRM is a client relationship management software for Perfex CRM. To manage clients, projects and create invoices in the clouds. Version Perfex CRM 3.2.1 has a cross-site script loophole, which results from inadequate user input validation of subsubject parameters in knowledge base/article endpoint, which may result in a storage type HTML injection.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Perfex CRM
Published
2025-09-29
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-perfex-crm
Share on: