0xashfaq / Perfex-CRM-File-Sharing-module-1.1.0-Stored-XSS.txt
Last active September 9, 2024 19:57
Perfex CRM File Sharing module 1.1.0 - Stored XSS
CVE-2024-44851: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Perfex CRM File Sharing module 1.1.0. The vulnerability exists in the `content` parameter within the Discussion section. By injecting malicious scripts into this parameter, an attacker can store the script within the application. When the content is viewed by other users, the malicious script is executed in their browsers, potentially leading to the compromise of user data, session hijacking, or other malicious actions.
Software & Vendor Information:
Title: Perfex CRM File Sharing module 1.1.0 - Stored XSS
Vendor Homepage: https://www.perfexcrm.com/
Software Link: https://codecanyon.net/item/file-sharing-for-perfex-crm/31482935
Version: 1.1.0
Attack Type: Remote
Tested on: Windows 10 | Firefox and Chrome (Latest Version)
Published write-up: https://github.com/0xashfaq/File-Sharing-module-for-Perfex-CRM-XSS
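
An added example, not part of the original advisory or the module's code: a Python triage script for defenders that flags stored Discussion `content` values which would be active if echoed unescaped, next to the output encoding that neutralises them. The row layout, function names and sample values are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Heuristic triage lists (assumed, not exhaustive); the real fix is output encoding.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "base", "form", "meta"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


class ActiveMarkupFinder(HTMLParser):
    """Collects reasons a stored value would be active if rendered raw."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased from HTMLParser.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"handler:{name}")
            # Strip whitespace so padded or split schemes are still matched.
            scheme = "".join((value or "").split()).lower()
            if name in URL_ATTRS and scheme.startswith(("javascript:", "data:text/html")):
                self.findings.append(f"url:{name}")


def audit_content(value):
    finder = ActiveMarkupFinder()
    finder.feed(value)
    finder.close()
    return finder.findings


def render_content(value):
    """Output-encode a stored value for an HTML text or attribute context."""
    return html.escape(value, quote=True)


# Constructed sample rows (id, content); not data from the module.
SAMPLE_ROWS = [
    (1, "2 < 3 and 5 > 4, see the Q3 file"),
    (2, "<script>/* constructed */</script>"),
    (3, '<img src="a.png" onload="void 0">'),
    (4, '<a href=" JavaScript:void(0)">link</a>'),
]


def audit_rows(rows):
    """Return {row_id: findings} for rows that need review after patching."""
    return {row_id: f for row_id, content in rows if (f := audit_content(content))}
```

Entries flagged by `audit_rows` were stored before the fix and remain in the database, so they need review or cleanup even after the view is changed to call an encoder such as `render_content`.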