CVE Catalog

CVE-2025-56807

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile - higher than 12% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability was found in FairSketch RISE Ultimate Project Manager & CRM 3.9.4. An administrator can inject malicious JavaScript code when creating new folders via the file explorer in the admin dashboard.

Risk Assessment

An attacker with admin privileges can permanently inject a malicious script that executes in other users' browsers, potentially leading to session theft, content manipulation, or further attack escalation.

Recommendation

Update the system to the latest version. As a temporary measure, restrict admin dashboard access and implement input validation and output encoding for the folder creation functionality.

Original NVD description (English source)

A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS