CVE-2025-56807
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability was found in FairSketch RISE Ultimate Project Manager & CRM 3.9.4. An administrator can inject malicious JavaScript code when creating new folders via the file explorer in the admin dashboard.
Risk Assessment
An attacker with admin privileges can permanently inject a malicious script that executes in other users' browsers, potentially leading to session theft, content manipulation, or further attack escalation.
Recommendation
Update the system to the latest version. As a temporary measure, restrict admin dashboard access and implement input validation and output encoding for the folder creation functionality.
Original NVD description (English source)
A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders.

