CVE-2025-10343
CVE-2025-10343 describes a stored HTML injection in Perfex CRM v3.2.1 caused by insufficient validation of user input. An attacker can inject HTML by sending a POST request to the /expenses/expense endpoint, with the malicious content in the expense_name parameter. The connected sources confirm P...