PT-2025-46334 · Fairsketch · Rise Crm Framework

Published: 2025-11-11 · Updated: 2025-11-11 · CVE-2025-41106

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Fairsketch RISE CRM Framework version 3.8.1

Description: An HTML injection issue exists in Fairsketch RISE CRM Framework version 3.8.1. This is due to insufficient validation of user-supplied data. The issue can be triggered by sending a POST request with malicious HTML code in the first name parameter to the '/clients/save contact/' API endpoint.

Recommendations: Apply input validation and sanitization to the first name parameter in the '/clients/save contact/' API endpoint.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-41106

Affected Products: Rise Crm Framework