projectsend
Enterprise Software, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting projectsend.
- CVE-2021-47947 | Projectsend r1295 Stored Cross-Site Scripting via files-edit.php | 6.4
- CVE-2023-53980 | ProjectSend r1605 Remote Code Execution via File Extension Manipulation | 9.8
- CVE-2023-53930 | ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability | 7.5
- CVE-2023-53906 | ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page | 4.8
- CVE-2023-53905 | ProjectSend r1605 CSV Injection via User Account Export Functionality | 8.0
- CVE-2024-11680 | ProjectSend Unauthenticated Configuration Modification | KEV | 9.8
- CVE-2024-7659 | projectsend Password Reset Token functions.php generate_random_string random values | 3.7
- CVE-2024-7658 | projectsend process.php get_preview resource injection | 5.3
- CVE-2023-0607 | Cross-site Scripting (XSS) - Stored in projectsend/projectsend | 4.8
- CVE-2017-20101 | ProjectSend information disclosure | 3.5
- CVE-2021-40884 | Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user ... | 8.1
- CVE-2021-40886 | Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization. | 6.5
- CVE-2021-40887 | Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file ... | 9.8
- CVE-2021-40888 | Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function throu... | 5.4
- CVE-2020-28874 | reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). | 7.5