Fairsketch

Rise Ultimate Project Manager

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-41106

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 12:21:07
  • Zuletzt bearbeitet 17.11.2025 15:17:21

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'.

5.4

CVE-2025-41105

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 12:19:05
  • Zuletzt bearbeitet 17.11.2025 15:19:01

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'.

5.4

CVE-2025-41104

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 12:17:41
  • Zuletzt bearbeitet 17.11.2025 15:21:33

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_...

5.4

CVE-2025-41103

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 12:16:38
  • Zuletzt bearbeitet 17.11.2025 15:23:41

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'.

5.4

CVE-2025-41102

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 11:57:40
  • Zuletzt bearbeitet 17.11.2025 15:23:58

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'.

5.4

CVE-2025-41101

  • EPSS 0.04%
  • Veröffentlicht 11.11.2025 11:50:20
  • Zuletzt bearbeitet 17.11.2025 15:24:58

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in'/projects/save'.

6.5

CVE-2025-63293

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.11.2025 00:00:00
  • Zuletzt bearbeitet 14.11.2025 18:32:13

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization ...

8.1

CVE-2025-60378

Exploit
  • EPSS 0.12%
  • Veröffentlicht 10.10.2025 00:00:00
  • Zuletzt bearbeitet 17.11.2025 14:30:13

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enablin...

6.1

CVE-2025-56807

Exploit
  • EPSS 0.03%
  • Veröffentlicht 29.09.2025 18:15:32
  • Zuletzt bearbeitet 16.10.2025 16:32:12

A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders.

4.3

CVE-2025-3855

Exploit
  • EPSS 0.2%
  • Veröffentlicht 22.04.2025 00:31:09
  • Zuletzt bearbeitet 01.08.2025 22:06:07

A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture H...