CNNVD-202510-1622 Information

CNNVD ID

CNNVD-202510-1622

Related CVE

CVE-2025-60374

• CNNVD Published: 2025-10-12

Description (Chinese)

Perfex CRM是Perfex CRM开源的一款客户关系管理软件。用于在云中管理客户、项目和创建发票。 Perfex CRM存在安全漏洞，该漏洞源于Chatbot模块未过滤用户输入，可能导致存储型跨站脚本（XSS）攻击。

Description (English)

Perfex CRM is a client relationship management software for Perfex CRM. To manage clients, projects and create invoices in the clouds. Perfex CRM has a security loophole, which stems from the unfiltered user input of the Chatbot module and could lead to a storage-type cross-site script (XSS) attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Perfex CRM

Published

2025-10-12

Last Modified

2026-02-24

References

https://github.com/ajansha/CVE-2025-60374 https://cxsecurity.com/issue/WLB-2025100008 https://access.redhat.com/security/cve/cve-2025-60374