Description
An HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents.
EPSS
Percentile: 19%
0.00062
Low
8.3 High
CVSS3
Weaknesses
CWE-116
Related vulnerabilities
CVSS3: 8.3
github
4 months ago
An HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be injected and rendered unescaped in client-facing documents.