PT-2025-46332 · Fairsketch · Rise Crm Framework

Published: 2025-11-11 · Updated: 2025-11-11 · CVE-2025-41104

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Fairsketch RISE CRM Framework version 3.8.1

Description

An HTML injection issue exists in Fairsketch RISE CRM Framework version 3.8.1. This is due to insufficient validation of user-supplied data. The issue can be triggered by sending a POST request to the /estimate_requests/save_estimate_request endpoint with malicious HTML code in the custom_field_1 parameter.

Recommendations

Apply input validation to the custom_field_1 parameter in the /estimate_requests/save_estimate_request endpoint to prevent the injection of HTML code.
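
One way to apply this recommendation, shown as an added example that is not taken from the advisory or from RISE CRM's code: validate the field as plain text on save, and encode it again on output as a second layer. The function names, the 500-character limit and the sample values are assumptions; PHP 8 with the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not RISE CRM's own code.

/** Validate a plain-text custom field before storing it; throws on markup. */
function validate_custom_field(string $name, mixed $raw, int $maxLen = 500): string
{
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) {
        // Rejects array input (custom_field_1[]=...) and malformed UTF-8.
        throw new InvalidArgumentException("$name: expected a UTF-8 string");
    }
    // Remove control characters other than tab, LF and CR, then trim.
    $value = trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw));
    if (mb_strlen($value, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException("$name: longer than $maxLen characters");
    }
    // Decode entities first so "&lt;b&gt;" is judged like "<b>".
    $decoded = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if (preg_match('/[<>]/', $decoded) === 1) {
        throw new InvalidArgumentException("$name: HTML markup is not allowed");
    }
    return $value;
}

/** Encode on output, so a value that slipped past validation stays inert. */
function render_custom_field(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs for the custom_field_1 parameter.
$samples = [
    'Budget approved by J. Doe',
    '<h1>Heading</h1>',
    '&lt;a href="https://example.test"&gt;link&lt;/a&gt;',
    ['nested' => 'array'],
];
foreach ($samples as $raw) {
    try {
        $ok = validate_custom_field('custom_field_1', $raw);
        echo 'stored:   ', render_custom_field($ok), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Refusing every angle bracket suits a field meant to hold plain text only; a field that must accept characters such as "<" in ordinary prose would rely on the output encoding step alone.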

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2025-41104

Affected Products

Rise Crm Framework