CVE-2024-8867

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Sep 15, 2024
Updated: Sep 17, 2024
CWE ID 79

Summary

CVE-2024-8867 is a cross-site scripting (XSS) vulnerability in Perfex CRM version 3.1.6, affecting the file application/controllers/Clients.php in the Parameter Handler component. Manipulating the "message" argument leads to XSS, and the attack can be launched remotely. The risk is rated medium: the potential impact on integrity and confidentiality is low, and exploitation requires user interaction. To remediate the issue, apply an available patch. Organizations using affected versions of Perfex CRM should address this vulnerability promptly to mitigate attacks that exploit weaknesses in user input handling.
