Description

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A different vulnerability than CVE-2024-8867.

INFO

Published Date :

2025-10-14T00:00:00.000Z

Last Modified :

2025-10-14T19:56:29.556Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60374 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60374.

URL Resource
https://github.com/ajansha/CVE-2025-60374 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System