Skip to main content

RISE CRM CVE-2025-60378

HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-10-10 cve@mitre.org
8.1
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
4.6 MEDIUM

Authenticated user injects stored HTML (PR:L); realized phishing impact requires a recipient to view delivered content (UI:R) and is indirect/limited, so C:L/I:L, A:N.

3.1 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:48 vuln.today

DescriptionCVE.org

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients.

AnalysisAI

Stored HTML/script injection in RISE Ultimate Project Manager & CRM (vendor fairsketch) lets authenticated low-privilege users embed attacker-controlled markup into invoices and messages that later renders in outbound emails, generated PDFs, and the in-app messaging/chat modules delivered to clients and staff. Because injected content is stored server-side and redistributed-amplified by automated recurring invoices-it functions as a persistent phishing and credential-harvesting vector rather than a memory-corruption bug. Publicly available exploit code exists (GitHub PoC), but there is no public exploit identified as actively used in the wild, and the EPSS probability is modest at 1.06% (61st percentile).

Technical ContextAI

The affected product is fairsketch's RISE, a PHP/CodeIgniter-based commercial project management and CRM suite (CPE cpe:2.3:a:fairsketch:rise_ultimate_project_manager). The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation), meaning user-supplied invoice and message fields are stored without sanitization or output encoding and then interpolated into multiple rendering contexts. The notable characteristic here is multi-sink output: the same tainted data is emitted into HTML emails, server-side PDF generation, and the web chat/messaging UI, so a single injection propagates across several trust boundaries and audiences.

RemediationAI

No vendor-released patch or fixed version is identified at time of analysis, and no vendor advisory URL is provided, so track fairsketch/CodeCanyon release notes for a corrected build and apply it once published. As specific compensating controls: enforce strict server-side sanitization/output encoding on invoice and message fields (allowlist plain text or a minimal safe-HTML subset), which may remove legitimate formatting some users rely on; disable or restrict the automated recurring-invoice and bulk-messaging features that fan out injected content to many recipients, at the cost of manual invoice workflows; and place a WAF or template-level HTML filter in front of the email/PDF generation pipeline, accepting that PDF rendering of rich content may break. Restrict account creation and invoice/message authoring to trusted staff to raise the bar on the required authenticated foothold. Reference for exploitation details: https://github.com/ajansha/CVE-2025-60378.

CVE-2019-18884 HIGH POC
8.8 Nov 13

index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. Rated

CVE-2025-63293 MEDIUM POC
6.5 Nov 03

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. Rated medium severity (CVSS

CVE-2025-56807 MEDIUM POC
6.1 Sep 29

A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrat

CVE-2025-3855 MEDIUM POC
5.3 Apr 22

A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Rated medium

CVE-2024-8945 MEDIUM POC
5.3 Sep 17

A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. Rated mediu

CVE-2024-0545 MEDIUM
6.9 Jan 15

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. Rated medium seve

CVE-2017-11182 MEDIUM
5.4 Jul 12

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. Rated medium severity (

CVE-2017-11181 MEDIUM
5.4 Jul 12

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Rated medium severity (C

CVE-2025-41106 MEDIUM
5.1 Nov 11

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du

CVE-2025-41105 MEDIUM
5.1 Nov 11

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du

CVE-2025-41104 MEDIUM
5.1 Nov 11

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du

CVE-2025-41103 MEDIUM
5.1 Nov 11

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection du

Share

CVE-2025-60378 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy