CVE-2025-10344
📋 TL;DR
Perfex CRM v3.2.1 has a stored HTML injection vulnerability that allows attackers to inject malicious HTML content into the application. This affects all users of Perfex CRM v3.2.1 who have access to the projects functionality. The vulnerability occurs due to insufficient input validation in the '/projects/project/x' endpoint.
💻 Affected Systems
- Perfex CRM
📦 What is this software?
Perfex CRM by Perfexcrm
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious scripts that steal session cookies, redirect users to phishing sites, or perform actions on behalf of authenticated users, potentially leading to account compromise and data theft.
Likely Case
Attackers inject HTML content that displays misleading information, defaces the application interface, or redirects users to malicious sites, causing reputational damage and potential credential theft.
If Mitigated
With proper input validation and output encoding, the injected HTML would be rendered as plain text rather than executable code, preventing any malicious impact.
🎯 Exploit Status
Exploitation requires sending a crafted POST request to the vulnerable endpoint with malicious HTML in the 'name' and 'clientid' parameters. The attacker needs some level of access to the application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v3.2.2 or later
Vendor Advisory: https://www.perfexcrm.com/
Restart Required: No
Instructions:
1. Back up your current installation.
2. Download the latest version from the official Perfex CRM website.
3. Replace the vulnerable files with the patched version.
4. Clear any cached data.
5. Test the application functionality.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize HTML tags in the 'name' and 'clientid' parameters before processing.
Output Encoding
Apply proper output encoding when displaying user-supplied data to prevent HTML rendering.
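The two workarounds above, shown together as an added example; this is illustrative code written for this page, not Perfex CRM's own code, and the function names, the validation rules (reject angle brackets in 'name', require a numeric 'clientid') and the sample values are this example's assumptions:

```python
"""
Added example (not Perfex CRM code): server-side input validation for the
'name' and 'clientid' parameters, plus output encoding before rendering.
Function names and the rules below are this example's own assumptions.
"""
import html
import re

# Anything that looks like an HTML tag; used when stripping instead of rejecting.
TAG_RE = re.compile(r"<[^>]*>")
# Stray angle brackets are rejected too: a partial tag can still be completed in the browser.
ANGLE_RE = re.compile(r"[<>]")
NAME_MAX_LEN = 200


def validate_project_input(name: str, clientid: str) -> list:
    """Return a list of validation errors; an empty list means the input is accepted."""
    errors = []
    if not name or not name.strip():
        errors.append("name: must not be empty")
    elif len(name) > NAME_MAX_LEN:
        errors.append(f"name: longer than {NAME_MAX_LEN} characters")
    elif ANGLE_RE.search(name):
        errors.append("name: angle brackets / HTML tags are not allowed")
    # clientid is a numeric foreign key; anything else is rejected before storage or rendering.
    if not clientid.isdigit():
        errors.append("clientid: must be a positive integer")
    return errors


def strip_tags(value: str) -> str:
    """Lenient alternative to rejecting: remove tag-like sequences, then any leftover brackets."""
    return ANGLE_RE.sub("", TAG_RE.sub("", value))


def render_project_name(name: str) -> str:
    """Output-encode a stored value so the browser shows it as text, not markup."""
    return html.escape(name, quote=True)


if __name__ == "__main__":
    # Constructed sample input: the kind of value the advisory says is stored unescaped.
    bad_name = "<b>Acme</b> site"
    print(validate_project_input(bad_name, "4"))        # rejected on name
    print(validate_project_input("Acme site", "4"))     # accepted: []
    print(validate_project_input("Acme site", "4<i>"))  # rejected on clientid
    print(strip_tags(bad_name))                         # Acme site
    print(render_project_name(bad_name))                # &lt;b&gt;Acme&lt;/b&gt; site
```

Validation and output encoding are independent layers: validation keeps tag-like input out of the database, while encoding at render time protects against values that were stored before the filter existed or that arrive through another path.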
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with HTML injection rules to block malicious payloads.
- Restrict access to the '/projects/project/x' endpoint to only trusted users and implement additional authentication checks.
🔍 How to Verify
Check if Vulnerable:
Test by sending a POST request to '/projects/project/x' with HTML tags in the 'name' and 'clientid' parameters and check if they are rendered in the response.
Check Version:
Check the version in the Perfex CRM admin panel or review the application's version file.
Verify Fix Applied:
After patching, repeat the test with HTML tags in parameters and verify they are properly encoded or rejected.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to '/projects/project/x' containing HTML tags or script elements in parameters.
- Multiple failed validation attempts on the projects endpoint.
Network Indicators:
- HTTP POST requests to the vulnerable endpoint with suspicious parameter values containing HTML/script tags.
SIEM Query:
source="web_server" AND (url_path="/projects/project/" AND method="POST" AND (param_name="name" OR param_name="clientid") AND param_value MATCHES "<.*>")
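The SIEM query above applied to request logs, as an added example that is not part of the advisory or of Perfex CRM. The key=value log format is constructed for this example (assumption: a WAF or application log that records form parameters), the sample lines are constructed rather than real traffic, and the prefix match on the path and the two-hit threshold for "repeated attempts" are this example's choices:

```python
"""
Added example (not part of the advisory or Perfex CRM): a detection pass that
applies the SIEM query's conditions to request logs. The log format is a
constructed key=value format (assumption: a WAF or application log that records
form parameters); adapt parse_line() to the log source you actually have.
"""
import re
from collections import Counter
from typing import Optional
from urllib.parse import unquote_plus

VULN_PATH_PREFIX = "/projects/project/"   # the query's url_path, treated as a prefix
WATCHED_PARAMS = ("name", "clientid")
TAG_RE = re.compile(r"<[^>]*>")            # counterpart of  param_value MATCHES "<.*>"
REPEAT_THRESHOLD = 2                       # hits from one source before it is reported as repeated

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
ts=2025-09-12T10:00:01Z src=10.0.0.5 method=POST path=/projects/project/12 name=Website+Redesign clientid=4
ts=2025-09-12T10:00:07Z src=10.0.0.9 method=POST path=/projects/project/12 name=%3Cb%3EAcme%3C%2Fb%3E clientid=4
ts=2025-09-12T10:00:09Z src=10.0.0.9 method=GET path=/projects/project/12 name=%3Cb%3Ex%3C%2Fb%3E clientid=4
ts=2025-09-12T10:00:15Z src=10.0.0.9 method=POST path=/projects/project/12 name=Acme clientid=%3Cscript%3E
ts=2025-09-12T10:00:20Z src=10.0.0.7 method=POST path=/clients/client/3 name=%3Ci%3Ex%3C%2Fi%3E
"""


def parse_line(line: str) -> dict:
    """Split 'k=v k=v ...' into a dict; the watched parameter values are URL-decoded."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = unquote_plus(value) if key in WATCHED_PARAMS else value
    return fields


def is_suspicious(event: dict) -> Optional[str]:
    """Return the offending parameter name if the event matches the query, else None."""
    if event.get("method") != "POST" or not event.get("path", "").startswith(VULN_PATH_PREFIX):
        return None
    for param in WATCHED_PARAMS:
        if param in event and TAG_RE.search(event[param]):
            return param
    return None


def scan(log_text: str):
    """Return (findings, repeat_sources); each finding is a (ts, src, param, decoded value) tuple."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        param = is_suspicious(event)
        if param:
            findings.append((event["ts"], event["src"], param, event[param]))
    hits_per_src = Counter(src for _, src, _, _ in findings)
    repeat_sources = sorted(s for s, n in hits_per_src.items() if n >= REPEAT_THRESHOLD)
    return findings, repeat_sources


if __name__ == "__main__":
    found, repeats = scan(SAMPLE_LOG)
    for f in found:
        print("HTML in parameter:", f)
    print("sources with repeated attempts:", repeats)
```

Decoding the parameter values before matching matters: a URL-encoded `%3C` never matches a literal `<`, so a query that runs against raw request strings misses exactly the requests it is meant to catch. The GET line and the request to a different path are ignored on purpose, mirroring the method and url_path conditions of the query.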