CVE-2025-55903
Published
CVSS v3
8.3
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents.
CVE-2025-55903 — Stored HTML Injection in PerfexCRM < 3.3.1 (Invoice/Client Communication)
GitHub