CNNVD-202509-4413 Information
Sep 29, 2025
cve
CNNVD ID
CNNVD-202509-4413
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
Perfex CRM是Perfex CRM开源的一款客户关系管理软件。用于在云中管理客户、项目和创建发票。 Perfex CRM 3.2.1版本存在跨站脚本漏洞,该漏洞源于对端点/subscriptions/create中参数name的用户输入验证不足,可能导致存储型HTML注入攻击。
Description (English)
Perfex CRM is a client relationship management software for Perfex CRM. To manage clients, projects and create invoices in the clouds. Version Perfex CRM 3.2.1 has a cross-site script loophole that results from inadequate user input verification of parameter name in peer/subscriptions/create, which may result in a storage-type HTML injection attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Perfex CRM
Published
2025-09-29
Last Modified
2026-02-24
References
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-perfex-crm
Share on: