Perfexcrm Perfex_crm
13 CVEs affecting Perfexcrm Perfex_crm. Latest disclosed: 2025-09-29. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-17976 | Critical | 9.8 | 2018-01-26 | In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution. |
CVE-2025-10346 | Medium | 6.1 | 2025-09-29 | HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST requ… |
CVE-2025-10345 | Medium | 6.1 | 2025-09-29 | HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST requ… |
CVE-2025-10344 | Medium | 6.1 | 2025-09-29 | HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST requ… |
CVE-2025-10343 | Medium | 6.1 | 2025-09-29 | HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST requ… |
CVE-2025-10342 | Medium | 6.1 | 2025-09-29 | HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST requ… |
CVE-2025-10341 | Medium | 6.1 | 2025-09-29 | HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST requ… |
CVE-2024-44851 | Medium | 5.4 | 2024-09-11 | A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via… |
CVE-2021-40303 | Medium | 5.4 | 2022-11-08 | perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile. |
CVE-2020-28961 | Medium | 5.4 | 2021-10-22 | Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter. |
CVE-2025-3219 | Low | 3.5 | 2025-04-04 | A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/pr… |
CVE-2025-2974 | Low | 3.5 | 2025-03-31 | A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contrac… |
CVE-2024-8867 | Low | 3.5 | 2024-09-15 | A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers… |