Lucene search

Perfex Crm Security Vulnerabilities - November

cve

CVE-2017-17976

In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.

9.8CVSS

9.8AI Score

0.21EPSS

2018-01-26 08:29 PM

cve

CVE-2020-28961

Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.

5.4CVSS

5.2AI Score

0.001EPSS

2021-10-22 08:15 PM

cve

CVE-2021-40303

perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.

5.4CVSS

5.3AI Score

0.001EPSS

2022-11-08 06:15 PM

cve

CVE-2024-44851

A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.

5.4CVSS

5.4AI Score

0.0004EPSS

2024-09-11 04:15 PM

cve

CVE-2024-8867

A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be i...

5.4CVSS

3.9AI Score

0.001EPSS

2024-09-15 03:15 AM