In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
9.8CVSS
9.8AI Score
0.21EPSS
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
5.4CVSS
5.4AI Score
0.0004EPSS
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be i...
5.4CVSS
3.9AI Score
0.001EPSS