CVE-2025-56807
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-16

Assigner: MITRE

Description
A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-09-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: fairsketch
Product: rise_ultimate_project_manager
Version / Range: 3.9.4
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Stored Cross-Site Scripting (XSS) issue in FairSketch RISE Ultimate Project Manager & CRM version 3.9.4. It occurs because the application does not properly sanitize input in the 'title' parameter when creating new folders in the File Manager. An attacker with administrator access can inject malicious JavaScript code into the folder name, which is then stored and executed whenever users view the folder list, allowing arbitrary script execution in their browsers. [1]


How can this vulnerability impact me?

The vulnerability can lead to arbitrary JavaScript execution in the browsers of users who access the affected folders. This can result in session hijacking, data exfiltration, and potentially other malicious actions performed on behalf of the user, compromising user accounts and sensitive information. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for the presence of malicious JavaScript payloads in folder names within the File Manager of FairSketch RISE Ultimate Project Manager & CRM 3.9.4. One approach is to log in with valid credentials, navigate to the Files section, and inspect folder titles for suspicious HTML or JavaScript code such as `<details/open/ontoggle=prompt(origin)>`. Additionally, monitoring POST requests to `/index.php/clients/save_folder` with unusual or encoded 'title' parameters can help identify exploitation attempts. Commands to detect such activity could include using curl or similar tools to simulate or inspect POST requests, for example: `curl -X POST -d "title=%3Cdetails/open/ontoggle=prompt(origin)%3E" https://yourserver/index.php/clients/save_folder` to test if the system accepts such input, or using web application firewall logs to search for POST requests containing suspicious payloads in the 'title' parameter. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting administrator access to the File Manager to trusted users only, avoiding the creation of new folders with untrusted input, and monitoring for suspicious folder names containing JavaScript payloads. Since the vulnerability arises from insufficient input sanitization of the 'title' parameter, applying input validation or sanitization on the server side to disallow HTML or JavaScript in folder names is critical. If a patch or update from FairSketch is available, applying it promptly is recommended. In the absence of a patch, consider implementing web application firewall rules to block POST requests to `/index.php/clients/save_folder` containing suspicious payloads in the 'title' parameter. [1]
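As an added illustration of the monitoring and server-side encoding measures described above (example code written for this page, not BaseFortify's or RISE's own), the following Python scans request-log lines for POSTs to the save_folder endpoint whose 'title' field carries HTML or JavaScript markup, and shows the output encoding that makes a stored title render as text. The log line format and sample lines are constructed; only the endpoint path and the sample payload come from the advisory text.

```python
import html
import re
from urllib.parse import parse_qs, unquote

# Endpoint named in the advisory. The log format below ("timestamp method path body",
# body "-" when absent) is a constructed one for this example, not RISE's own logging.
SAVE_FOLDER_PATH = "/index.php/clients/save_folder"
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<body>\S*)$")

# Markup a folder name never needs: a tag opener, an on* event-handler attribute,
# or a javascript: URL. Checked after full URL-decoding.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

SAMPLE_LOG = [  # constructed sample lines
    "2025-09-29T10:00:01Z POST /index.php/clients/save_folder title=Q3+Invoices&client_id=7",
    "2025-09-29T10:00:05Z POST /index.php/clients/save_folder "
    "title=%3Cdetails/open/ontoggle=prompt(origin)%3E&client_id=7",
    "2025-09-29T10:00:09Z GET /index.php/clients/files/7 -",
    # double-encoded: a single decode still hides the tag, so decode twice
    "2025-09-29T10:00:12Z POST /index.php/clients/save_folder title=%253Cb%253Ename%253C/b%253E&client_id=7",
]

def decoded_title(form_body: str):
    """Return the 'title' field with URL-encoding removed (parse_qs decodes once, unquote
    a second time to expose double-encoded values), or None if there is no title field."""
    values = parse_qs(form_body, keep_blank_values=True).get("title")
    return unquote(values[0]) if values else None

def title_is_suspicious(form_body: str) -> bool:
    """True when the decoded title contains HTML or JavaScript markup."""
    title = decoded_title(form_body)
    return title is not None and SUSPICIOUS.search(title) is not None

def scan_log(lines):
    """Return (line_no, decoded_title) for each save_folder POST whose title is suspicious."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if not m or m.group("method") != "POST" or m.group("path") != SAVE_FOLDER_PATH:
            continue
        if title_is_suspicious(m.group("body")):
            hits.append((n, decoded_title(m.group("body"))))
    return hits

def safe_folder_title(title: str) -> str:
    """Output-encode a stored title before placing it in HTML: the server-side fix the
    advisory calls for, so a stored payload is shown as text instead of executing."""
    return html.escape(title, quote=True)

if __name__ == "__main__":
    for line_no, title in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: suspicious title {title!r} -> rendered as {safe_folder_title(title)!r}")
```

Flagged titles are reported after decoding, so a WAF or SIEM rule built on the same regex should also decode the parameter before matching.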

