This page aggregates CVEs and security vulnerability information across fairsketch-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Common weakness patterns include cross-site scripting, SQL injection, CSRF, and open redirect, which can lead to risks such as session compromise and data exposure in production workloads.
The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-41106 | HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'first_name' in '/clients/save_contact/'. | [email protected] | 5.1 | 0.02% | 2025-11-11 | 2025-11-17 |
| CVE-2025-41105 | HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/tickets/save'. | [email protected] | 5.1 | 0.02% | 2025-11-11 | 2025-11-17 |
| CVE-2025-41104 | HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'custom_field_1' in '/estimate_requests/save_estimate_request'. | [email protected] | 5.1 | 0.02% | 2025-11-11 | 2025-11-17 |
| CVE-2025-41103 | HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'reply_message' in '/messages/reply'. | [email protected] | 5.1 | 0.02% | 2025-11-11 | 2025-11-17 |
| CVE-2025-41102 | HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/events/save'. | [email protected] | 5.1 | 0.02% | 2025-11-11 | 2025-11-17 |
| CVE-2025-41101 | HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'title' in '/projects/save'. | [email protected] | 5.1 | 0.02% | 2025-11-11 | 2025-11-17 |
| CVE-2025-63293 | FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API. | [email protected] | 6.5 | 0.05% | 2025-11-03 | 2025-11-14 |
| CVE-2025-60378 | Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients. | [email protected] | 8.1 | 0.17% | 2025-10-10 | 2025-11-17 |
| CVE-2025-56807 | A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders. | [email protected] | 6.1 | 0.03% | 2025-09-29 | 2025-10-16 |
| CVE-2025-3855 | A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.3 | 0.46% | 2025-04-22 | 2025-08-01 |
| CVE-2024-8945 | A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | [email protected] | 5.3 | 1.24% | 2024-09-17 | 2024-09-25 |
| CVE-2024-0545 | A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.9 | 0.07% | 2024-01-15 | 2025-04-21 |
| CVE-2019-18884 | index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | [email protected] | 8.8 | 0.18% | 2019-11-13 | 2024-11-21 |
| CVE-2017-17999 | SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/. | [email protected] | 9.8 | 2.72% | 2018-01-23 | 2024-11-21 |
| CVE-2017-11182 | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | [email protected] | 5.4 | 0.34% | 2017-07-12 | 2026-05-13 |
| CVE-2017-11181 | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | [email protected] | 5.4 | 0.18% | 2017-07-12 | 2026-05-13 |