Can you explain this vulnerability to me?

This vulnerability is a stored HTML injection in Perfex CRM version 3.2.1. It occurs because the application does not properly validate user input sent via a POST request in the 'company' parameter at the '/clients/client/x' endpoint. This allows an attacker to inject malicious HTML code that is stored and later executed in the context of the application.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The impact of this vulnerability includes the potential for attackers to execute malicious HTML code within the application, which can lead to unauthorized actions such as content manipulation, phishing, or session hijacking. Since it is a stored injection, the malicious code can affect multiple users who access the infected data.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending crafted POST requests to the endpoint '/clients/client/x' with malicious HTML content in the 'company' parameter and observing if the input is stored and rendered without proper sanitization. A simple detection command using curl could be: curl -X POST -d "company=<script>alert('XSS')</script>" https://your-perfex-crm-domain/clients/client/x If the script executes when viewing the stored data, the vulnerability is present.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating Perfex CRM to the latest version where the vulnerability has been fixed by the development team. Additionally, applying input validation and sanitization on the 'company' parameter at the server side can help prevent stored HTML injection. Restricting user input to safe characters and employing web application firewalls to detect and block malicious payloads are also recommended.

Useful 0 Not Useful 0