Last active September 9, 2024 19:57
Perfex CRM File Sharing module 1.1.0 - Stored XSS
CVE-2024-44851: A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Perfex CRM File Sharing module 1.1.0. The vulnerability exists in the `content` parameter within the Discussion section. By injecting malicious scripts into this parameter, an attacker can store the script within the application. When the content is viewed by other users, the malicious script is executed in their browsers, potentially leading to the compromise of user data, session hijacking, or other malicious actions.

Software & Vendor Information:
Title: Perfex CRM File Sharing module 1.1.0 - Stored XSS
Vendor Homepage: https://www.perfexcrm.com/
Software Link: https://codecanyon.net/item/file-sharing-for-perfex-crm/31482935
Version: Version 1.1.0
Attack Type: Remote
Tested on: Windows 10 | Firefox and Chrome (Latest Version)
Published a write-up: https://github.com/0xashfaq/File-Sharing-module-for-Perfex-CRM-XSS
Discovered by Md. Ashfaqul Haq, 18 Aug 2024.

Publishing References:
https://www.cve.org/CVERecord?id=CVE-2024-44851
https://nvd.nist.gov/vuln/detail/CVE-2024-44851