Vulnerabilities

CVE-2025-55903

by Fred · 10/10/2025

A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the “Bill To” address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents.

More information : https://codecanyon.net/item/perfex-powerful-open-source-crm/14013737

Similar

Tags: Cybersecurity Alert