Tag
#Advisory
Posts from Bytium on this topic.
May 16, 2026 • 2 min read
Krayin CRM 2.2.0 - Authenticated Arbitrary File Upload to RCE
Krayin CRM 2.2.0 ships a TinyMCE media-upload endpoint that accepts any file extension and stores the result on a publicly served Laravel disk
advisory
May 16, 2026 • 2 min read
Krayin CRM 2.2.0 - Cross-User IDOR Across Lead, Contact, and Activity Controllers
An authenticated cross-user IDOR vulnerability has been identified in Webkul's Krayin CRM 2.2.0.
Advisory
Mar 30, 2025 • 2 min read
Stored XSS in Perfex CRM 3.2.1 Contracts Module
Stored XSS in Perfex CRM 3.2.1 project discussions allows authenticated clients to inject JavaScript that runs for other users.
security
advisory
Mar 30, 2025 • 2 min read
Stored Cross-Site Scripting in Perfex CRM 3.2.1 Project Discussions
Stored XSS in Perfex CRM 3.2.1 project discussions allows authenticated clients to inject JavaScript that runs for other users.
security
appsec
advisory
Sep 18, 2024 • 2 min read
Stored XSS Vulnerabilities in CRMGo SaaS 7.2
Two stored cross-site scripting (XSS) vulnerabilities were identified in CRMGo SaaS version 7.2
advisory
security
vulnerabilities