# Affected software: PerfectView CRM
# Description: PerfectView CRM is software for relationship management, marketing and sales
# Type of vulnerability: Persistent XSS
# URL: http://perfectviewcrm.com
#
# Discovered by: Provensec
# Website: http://www.provensec.com
# Description: PerfectView is prone to a persistent cross-site scripting attack that allows a malicious user to inject HTML or scripts that can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
#
# Proof of concept
# 1. Create a Conversation report as a Normal user inside "To Do".
# 2. Select the new conversation.
# 3. Add a note with the following value: ">
# 5. Save the conversation and use the functionality in the To Do menu to forward it to a colleague.
# Screenshot attached
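The note value in step 3 begins with `">`, the usual prefix for closing a quoted HTML attribute and its tag so that whatever follows is parsed as markup; because the note is stored with the conversation and rendered again when it is forwarded, the injected markup reaches the colleague's browser. The following Python is an added illustration of that mechanism and its fix, not code from PerfectView or from the advisory: it assumes a hypothetical note template that writes the stored note into both an attribute and element content, a constructed sample note (the advisory's own payload is truncated on the page), and a toy in-memory conversation store. The hardened renderer HTML-escapes at output time; a small parser-based check counts how many start tags each rendering would produce, which is how the difference shows up.

```python
import html
from html.parser import HTMLParser

# Constructed sample note (the advisory's payload is truncated on the page). It
# begins with `">` so that, if the note is written unescaped into a quoted
# attribute, it closes the attribute and the tag and the rest becomes markup.
SAMPLE_NOTE = '"><i>injected</i>'

# Hypothetical stand-in for the CRM's conversation store. Notes are kept as
# entered; that is acceptable as long as every output path encodes them.
CONVERSATIONS = {}


def save_note(conversation_id, note):
    """Persist a note on a conversation (step 3 of the proof of concept)."""
    CONVERSATIONS.setdefault(conversation_id, []).append(note)


def render_note_unsafe(note):
    """Hypothetical vulnerable template: the stored note is concatenated into
    HTML as-is, once as an attribute value and once as element content."""
    return f'<div class="note" title="{note}">{note}</div>'


def render_note_safe(note):
    """Hardened template: HTML-escape the note (including quotes) so it is
    inert in both the attribute and the element-content context."""
    escaped = html.escape(note, quote=True)
    return f'<div class="note" title="{escaped}">{escaped}</div>'


def render_conversation(conversation_id, renderer):
    """The fragment a colleague's browser receives once the conversation is
    forwarded (step 5): every stored note, passed through the given renderer."""
    notes = CONVERSATIONS.get(conversation_id, [])
    return "\n".join(renderer(n) for n in notes)


class _TagCollector(HTMLParser):
    """Collects start tags the way a browser-side parser would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(fragment):
    """Start tags present in a rendered fragment. The template contributes
    exactly one <div> per note; any additional tag came from user data."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    save_note("todo-1", SAMPLE_NOTE)
    for name, renderer in (("unsafe", render_note_unsafe), ("safe", render_note_safe)):
        page = render_conversation("todo-1", renderer)
        print(f"{name}: {page}\n  start tags seen by the parser: {start_tags(page)}")
```

The point of escaping at output rather than at input is that the same stored note may later be rendered in several contexts (an attribute, element text, a JSON payload for the To Do list); each output path must apply the encoding appropriate to its context, and stripping characters on the way in gives no such guarantee.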