CVE-2024-44851 Information

Description

A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.

Reference

https://github.com/0xashfaq/File-Sharing-module-for-Perfex-CRM-XSS/ https://gist.github.com/0xashfaq/e44a6dece3be498241aebcfaa046e634