Lucene search
K

5 matches found

NVD
NVD
added 2025/10/10 8:15 p.m.5 views

CVE-2025-55903

A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...

8.3CVSS0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/10 12:0 a.m.12 views

CVE-2025-55903

A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...

0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.6 views

PT-2025-41594

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.3.1 Description The application does not properly sanitize user input in the "Bill To" address field within the estimate module. This allows for the injection of arbitrary HTML that is rendered without escaping in...

8.3CVSS6.9AI score0.00307EPSS
Exploits0References6
CVE
CVE
added 2025/10/10 12:0 a.m.14 views

CVE-2025-55903

Summary: CVE-2025-55903 affects Perfex CRM v3.3.1 due to a failure to sanitize input in the “Bill To” address field of the estimate module, allowing HTML injection and unescaped rendering in client-facing documents. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CNNVD, etc.)...

8.3CVSS6.8AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/10 12:0 a.m.3 views

CVE-2025-55903

A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...

6.8AI score0.00307EPSS
Exploits0References2
Rows per page
Query Builder