Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-41101 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-17 | N/A | 5.4 MEDIUM |
| HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in'/projects/save'. | |||||
| CVE-2025-41102 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-17 | N/A | 5.4 MEDIUM |
| HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'. | |||||
| CVE-2025-41103 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-17 | N/A | 5.4 MEDIUM |
| HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'. | |||||
| CVE-2025-41104 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-17 | N/A | 5.4 MEDIUM |
| HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'. | |||||
| CVE-2025-41105 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-17 | N/A | 5.4 MEDIUM |
| HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'. | |||||
| CVE-2025-41106 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-17 | N/A | 5.4 MEDIUM |
| HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'. | |||||
| CVE-2025-60378 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-17 | N/A | 8.1 HIGH |
| Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients. | |||||
| CVE-2025-63293 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-11-14 | N/A | 6.5 MEDIUM |
| FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API. | |||||
| CVE-2025-56807 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-10-16 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders. | |||||
| CVE-2025-3855 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-08-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-0545 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-11181 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | |||||
| CVE-2017-11182 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | |||||
| CVE-2017-17999 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | |||||
| CVE-2024-8945 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-09-25 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||