CVE-2025-41103

MEDIUM

Fairsketch RISE Ultimate Project Manager < 3.9 - Stored Cross-Site Scripting via Reply Message Parameter

Title source: llm

Description

An HTML injection vulnerability was found in Fairsketch's RISE CRM Framework v3.8.1. It consists of HTML code injection caused by a lack of proper validation of user input, triggered by sending a POST request with the 'reply_message' parameter to '/messages/reply'.

Scores

CVSS v3 5.4
EPSS 0.0014
EPSS Percentile 3.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
fairsketch/rise_ultimate_project_manager < 3.9
Published Nov 11, 2025
Tracked Since Feb 18, 2026