CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

CVE-2025-60378

Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...

CVE-2025-60378

CVE-2025-60378 affects RISE Ultimate Project Manager & CRM. A stored HTML injection allows authenticated users to inject arbitrary HTML into invoices and messages, with injected content rendering in emails, PDFs, and messaging/chat modules sent to clients or team members. This enables phishing, c...

PT-2024-15645 · Unknown · Codecanyon Rise Ultimate Project Manager

Name of the Vulnerable Software and Affected Versions: CodeCanyon RISE Rise Ultimate Project Manager version 3.5.3 Description: A problematic vulnerability was found in the CodeCanyon RISE Rise Ultimate Project Manager, affecting the file /index.php/signin. The manipulation of the redirect argume...

RISE Ultimate Project Manager Cross-Site Request Forgery Vulnerability

RISE Ultimate Project Manager is used to manage projects, clients and team members. A cross-site request forgery vulnerability exists in index.php/teammembers/addteammember in RISE Ultimate Project Manager 2.3, which can be exploited by an attacker to add authorized users...

CVE-2017-17999

SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...

CVE-2017-11182

In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable...