
4 matches found

CVE
added 2026/04/27 3:11 p.m. | 13 views

CVE-2026-41466

ProjeQtor is affected by a stored XSS in checkValidHtmlText() within Security.php, across versions 7.0 through 12.4.3. The vulnerability arises from inadequate sanitization (only pattern-based checks) and lack of output encoding, allowing attackers to inject payloads that are stored and executed ...

CVSS: 5.4 | AI score: 4.9 | EPSS: 0.00184
Exploits: 0 | References: 4
EUVD
added 2026/04/27 3:11 p.m. | 4 views

EUVD-2026-25869

ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers ca...

CVSS: 5.4 | AI score: 4.8 | EPSS: 0.00184
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/27 3:8 p.m. | 4 views

CVE-2026-41462

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00558
Exploits: 2 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/04/27 12:0 a.m. | 5 views

PT-2026-35441

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.00558
Exploits: 2 | References: 9