Perfexcrm Perfex Crm vulnerabilities
13 known vulnerabilities affecting perfexcrm/perfex_crm.
Total CVEs
13
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM12
Vulnerabilities
Page 1 of 1
CVE-2017-17976P2CRITICALCVSS 9.8PoCv1.9.72018-01-26
CVE-2017-17976 [CRITICAL] CWE-434 CVE-2017-17976: In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
nvd
CVE-2025-10344P4MEDIUMCVSS 6.1≥ 3.2.1, < 3.4.02025-09-29
CVE-2025-10344 [MEDIUM] CWE-79 CVE-2025-10344: HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a
stored HTML injection due to lack of proper validation of user input by
sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'.
nvd
CVE-2025-10342P4MEDIUMCVSS 6.1≥ 3.2.1, < 3.4.02025-09-29
CVE-2025-10342 [MEDIUM] CWE-79 CVE-2025-10342: HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a
stored HTML injection due to lack of proper validation of user input by
sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'.
nvd
CVE-2025-10343P4MEDIUMCVSS 6.1≥ 3.2.1, < 3.4.02025-09-29
CVE-2025-10343 [MEDIUM] CWE-79 CVE-2025-10343: HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a
stored HTML injection due to lack of proper validation of user input by
sending a POST request in the parameter 'expense_name' at the endpoint '/expenses/expense'.
nvd
CVE-2025-10341P4MEDIUMCVSS 6.1≥ 3.2.1, < 3.4.02025-09-29
CVE-2025-10341 [MEDIUM] CWE-79 CVE-2025-10341: HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a
stored HTML injection due to lack of proper validation of user input by
sending a POST request in the parameter 'company' at the endpoint '/clients/client/x.
nvd
CVE-2025-10345P4MEDIUMCVSS 6.1≥ 3.2.1, < 3.4.02025-09-29
CVE-2025-10345 [MEDIUM] CWE-79 CVE-2025-10345: HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a
stored HTML injection due to lack of proper validation of user input by
sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'.
nvd
CVE-2025-10346P4MEDIUMCVSS 6.1≥ 3.2.1, < 3.4.02025-09-29
CVE-2025-10346 [MEDIUM] CWE-79 CVE-2025-10346: HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a
stored HTML injection due to lack of proper validation of user input by
sending a POST request in the parameters 'subject' at the endpoint 'knoewledge_base/article'.
nvd
CVE-2025-3219P4MEDIUMCVSS 5.4v3.2.12025-04-04
CVE-2025-3219 [MEDIUM] CWE-79 CVE-2025-3219: A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Aff
A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been
nvd
CVE-2025-2974P4MEDIUMCVSS 5.4≤ 3.2.12025-03-31
CVE-2025-2974 [MEDIUM] CWE-79 CVE-2025-2974: A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. T
A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be
nvd
CVE-2024-8867P4MEDIUMCVSS 5.4v3.1.62024-09-15
CVE-2024-8867 [MEDIUM] CWE-79 CVE-2024-8867: A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerabili
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th
nvd
CVE-2020-28961P4MEDIUMCVSS 5.4v2.4.42021-10-22
CVE-2020-28961 [MEDIUM] CWE-79 CVE-2020-28961: Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
nvd
CVE-2024-44851P4MEDIUMCVSS 5.4v1.1.02024-09-11
CVE-2024-44851 [MEDIUM] CWE-79 CVE-2024-44851: A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 all
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
nvd
CVE-2021-40303P4MEDIUMCVSS 5.4v1.102022-11-08
CVE-2021-40303 [MEDIUM] CWE-79 CVE-2021-40303: perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
nvd