5 matches found
CVE-2025-55903
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...
CVE-2025-55903
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...
PT-2025-41594
Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.3.1 Description The application does not properly sanitize user input in the "Bill To" address field within the estimate module. This allows for the injection of arbitrary HTML that is rendered without escaping in...
CVE-2025-55903
Summary: CVE-2025-55903 affects Perfex CRM v3.3.1 due to a failure to sanitize input in the “Bill To” address field of the estimate module, allowing HTML injection and unescaped rendering in client-facing documents. The issue is documented across multiple sources (NVD, Red Hat, EUVD, CNNVD, etc.)...
CVE-2025-55903
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents...