CVE-2025-41104 – An HTML injection vulnerability in Fairsketch's... (How to Fix)

Q: What is the severity of CVE-2025-41104?

CVE-2025-41104 has a CVSS score of 5.4 (MEDIUM). An HTML injection vulnerability in Fairsketch's RISE CRM Framework allows attackers to inject malicious HTML code via the 'custom_field_1' parameter in POST requests. This affects users of RISE CRM Framework v3.8.1 who have the vulnerable endpoint accessible.

📋 TL;DR

An HTML injection vulnerability in Fairsketch's RISE CRM Framework allows attackers to inject malicious HTML code via the 'custom_field_1' parameter in POST requests. This affects users of RISE CRM Framework v3.8.1 who have the vulnerable endpoint accessible.

💻 Affected Systems

Products:

Fairsketch RISE CRM Framework

Versions: v3.8.1

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the default installation when the '/estimate_requests/save_estimate_request' endpoint is accessible.

📦 What is this software?

Rise Ultimate Project Manager by Fairsketch

View all CVEs affecting Rise Ultimate Project Manager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could inject malicious scripts leading to session hijacking, credential theft, or complete account takeover through cross-site scripting attacks.

🟠

Likely Case

Attackers inject phishing forms or deface content to trick users into revealing credentials or sensitive information.

🟢

If Mitigated

With proper input validation and output encoding, the injected HTML would be rendered harmless as plain text.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires sending a crafted POST request with HTML payload in the 'custom_field_1' parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor vendor for security updates. 2. Apply input validation and output encoding to the 'custom_field_1' parameter. 3. Sanitize all user inputs before processing.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side validation to reject or sanitize HTML content in the 'custom_field_1' parameter.

WAF Rule

all

Configure web application firewall to block requests containing HTML/script tags in the 'custom_field_1' parameter.

🧯 If You Can't Patch

Restrict access to the '/estimate_requests/save_estimate_request' endpoint to trusted users only.
Implement Content Security Policy (CSP) headers to mitigate potential XSS impact.

🔍 How to Verify

Check if Vulnerable:

Send a POST request to '/estimate_requests/save_estimate_request' with HTML payload in 'custom_field_1' parameter and check if HTML renders.

Check Version:

Check RISE CRM Framework version in admin panel or configuration files.

Verify Fix Applied:

Test the same payload after fixes; HTML should be displayed as plain text, not executed.

📡 Detection & Monitoring

Log Indicators:

POST requests to '/estimate_requests/save_estimate_request' with HTML tags in parameters
Unusual HTML content in custom_field_1 parameter

Network Indicators:

HTTP POST requests containing script tags or HTML entities in custom_field_1 parameter

SIEM Query:

http.method:POST AND http.uri:"/estimate_requests/save_estimate_request" AND http.param.custom_field_1:*<*

📊 Metadata

CVE ID: CVE-2025-41104

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.04% exploit probability (11.3th percentile)

Published: November 11, 2025

Last Updated: November 17, 2025

🔗 References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fairsketchs-rise-crm-framework Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-41104, you might also want to check these: