CVE-2025-10343 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expensename' at the endpoint '/expenses/expense'...

CVE-2025-10343 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expensename' at the endpoint '/expenses/expense'...

CVE-2025-10342 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

CVE-2025-10342 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...

CVE-2025-10342

Affected software : Perfex CRM v3.2.1. Vulnerability : HTML injection via stored input in the name parameter sent to POST /subscriptions/create. Root cause : insufficient validation/sanitization of user-supplied data in that endpoint. Impact : stored HTML injection; public-facing input could lead...

CVE-2025-10341 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

CVE-2025-10341 HTML injection in Perfex CRM

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the endpoint '/clients/client/x...

CVE-2025-10341

Summary: CVE-2025-10341 affects Perfex CRM v3.2.1 with a stored HTML injection vulnerability in the /clients/client/x endpoint. The issue arises from insufficient validation of the POST parameter “company,” enabling stored HTML injection. Affected software: Perfex CRM 3.2.1 (web application). Vul...

PT-2025-39818

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. The issue occurs when sending a POST request to the /admin/leads/lead endpoint with...

PT-2025-39817

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the /projects/project/...

Perfex CRM 跨站脚本漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

PT-2025-39814

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. The issue is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the...

PT-2025-39816

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. The issue is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the...

PT-2025-39815

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description A stored HTML injection exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request to the /subscriptions/create API endpoint with malicious content in the...

Perfex CRM 跨站脚本漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

PT-2025-39819

Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description A stored HTML injection issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request with malicious content in the subject parameter to the ''/knoewled...

CVE-2025-59412

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator...

CVE-2025-59526

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

CVE-2025-59412 CubeCart Vulnerable to HTML Injection in Product Reviews Allows Malicious Links and Defacement

CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed. An attacker can submit HTML tags inside the review description field. Once the administrator...

CVE-2025-59411 CubeCart Stored/Reflected HTML Injection Vulnerability in Contact Enquiry

CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent to the store admin. By submitting HTML in the Enquiry, the admin receives an email containing that HTML. This indicates user...