Aqwa Hameed

**Name of the Vulnerable Software and Affected Versions** FairSketch RISE Ultimate Project Manager & CRM version 3.9.4 **Description** A cross-site scripting (XSS) issue exists in FairSketch RISE Ultimate Project Manager & CRM. An administrator can store a JavaScript payload via the file explorer within the admin dashboard when creating new folders. This allows for the execution of malicious scripts. The vulnerable functionality involves the creation of new folders within the admin dashboard's file explorer. The payload is stored and potentially executed when the folder is accessed. **Recommendations** Update FairSketch RISE Ultimate Project Manager & CRM to a newer version that contains a fix for this vulnerability.