Advertisement






Perfex - Powerful Open Source CRM v2.3.4 Stored XSS Injection

CVE Category Price Severity
CVE-2020-27161 CWE-79 $2,000 High
Author Risk Exploitation Type Date
Cybersecurity Researcher High Remote 2019-04-25
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040225

Below is a copy:

Perfex - Powerful Open Source CRM v2.3.4 Stored XSS Injection
[*] :: Title: Perfex - Powerful Open Source CRM v2.3.4 Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-25
[*] :: Software: Perfex - Powerful Open Source CRM v2.3.4
  
[?] :: Technical Details & Description:
# Weak security measures like bad input fields data filtering has been discovered in the Perfex - Powerful Open Source CRM. Current version of this web-application is 2.3.4.

[?] :: Demo Website:
# https://codecanyon.net/item/perfex-powerful-open-source-crm/14013737
# Backend: https://www.perfexcrm.com/demo/admin/authentication
# Login/Password (admin): [email protected]/123123

[!] :: Special Note:
# Author of this web-application was warned about bad security measures. Nothing has changed.

[!] :: For developers:
# Disabling any data changes on a demo websites doesn't make your applications more secure. It's good for business and sales but you are simply double-crossing your clients.

[+] :: PoC [Links]:
# https://www.perfexcrm.com/demo/admin
# https://www.perfexcrm.com/demo/admin/authentication
# https://www.perfexcrm.com/demo/authentication/login
# https://www.perfexcrm.com/demo/knowledge-base

[+] :: PoC [Stored XSS Injection]:
# Authorize on the demo website for tests, then go to https://www.perfexcrm.com/demo/admin/settings page. On the Company Name input field use payload like " onload="alert('QUIXSS');"/>, save the data and then you'll see that XSS filter is not triggered and your payload is successfully injected.
# Sample payload #1: " onload="alert('QUIXSS');"/>
# Sample payload #2: " onload="alert('QUIXSS');window.open('https://cxsecurity.com/');"/>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.