Stored HTML Injection Vulnerability in Perfex CRM by Perfex
CVE-2025-10341

5.3MEDIUM

Key Information:

Vendor: Perfex Crm
Status: Perfex Crm
Vendor: CVE Published:; 29 September 2025

What is CVE-2025-10341?

A stored HTML injection vulnerability exists in Perfex CRM v3.2.1, resulting from inadequate input validation in the 'company' parameter. This can be exploited via a POST request to manipulate client data and potentially execute malicious scripts in the affected environment, posing significant risks to the integrity and confidentiality of user information.

Affected Version(s)

Perfex CRM 3.2.1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2025
Vulnerability Reserved
Sep 12, 2025

Credit

Gonzalo Aguilar García (6h4ack)

JSON

Perfex Crm

What is CVE-2025-10341?

Affected Version(s)

References

CVSS V4

Timeline

Credit