ajansha/CVE-2025-55903

Releases0

CVE-2025-55903 — Stored HTML Injection in PerfexCRM < 3.3.1 (Invoice/Client Communication)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-55903 ↗	Oct 10, 2025Friday, 10 October 2025, 20:15	8.3 HIGH	—
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents.