Unrated severityNVD Advisory· Published Oct 10, 2025· Updated Oct 10, 2025
CVE-2025-60378
CVE-2025-60378
Description
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- RISE/Ultimate Project Manager & CRMdescription
Patches
Vulnerability mechanics
References
1- rise.commitre
News mentions
0No linked articles in our index yet.