Filtered by vendor Projectsend
Filtered by product Projectsend
Total: 24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-40888 | 1 Projectsend | 1 Projectsend | 2024-08-04 | 5.4 Medium |
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echoing output data in the returnFilesIds() function. A low-privilege user can call this function through the process.php file and execute scripting code. | ||||
CVE-2021-40884 | 1 Projectsend | 1 Projectsend | 2024-08-04 | 8.1 High |
Projectsend version r1295 is affected by sensitive information disclosure. Because authorization is not checked for the ids parameter in files-edit.php and the id parameter in process.php, a user with the uploader role can download and edit all files of users in the application. | ||||
CVE-2021-40887 | 1 Projectsend | 1 Projectsend | 2024-08-04 | 9.8 Critical |
Projectsend version r1295 is affected by a directory traversal vulnerability. Because input for the files[] parameter is not sanitized, an attacker can add ../ to move all PHP files or any file on the system that has permissions to the /upload/files/ folder. | ||||
CVE-2023-0607 | 1 Projectsend | 1 Projectsend | 2024-08-02 | 4.8 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. | ||||