CNNVD-202511-1199 Information

CNNVD ID

CNNVD-202511-1199

Related CVE

CVE-2025-41104

• CNNVD Published: 2025-11-11

Description (Chinese)

FairSketch Fairsketch RISE CRM Framework是FairSketch公司的一款团队管理与客户关系管理框架。 Fairsketch RISE CRM Framework v3.8.1版本存在跨站脚本漏洞，该漏洞源于对文件/estimate_requests/save_estimate_request中参数custom_field_1的用户输入验证不足，可能导致HTML注入攻击。

Description (English)

FairSketch Fairsketch Rise CRM Framework is a team management and customer management framework for FairSketch. Version Fairsketch Rise CRM Framework v. 3.8.1 has a cross-site script loophole, which results from the lack of user input validation of the parameter Custom field 1 in the document/estimate requests/save estimate request, which may lead to an HTML injection attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

FairSketch

Published

2025-11-11

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fairsketchs-rise-crm-framework

Patch

https://fairsketch.com/