333 matches found
CVE-2023-53930 ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.p...
CVE-2023-53906
CVE-2023-53906 (ProjectSend r1605) is a stored cross-site scripting vulnerability where authenticated administrators can inject JavaScript via the custom assets configuration page. A payload placed in the custom assets section executes when other users load the affected page, enabling persistent ...
CVE-2023-53906 ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page
ProjectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...
CVE-2023-53905 ProjectSend r1605 CSV Injection via User Account Export Functionality
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files...
CVE-2023-53905
CVE-2023-53905 affects ProjectSend r1605 and describes a CSV injection vulnerability where authenticated users can inject malicious formulas into user profile names. The vulnerability can trigger code execution when administrators export action logs to CSV files, with an example payload such as =...
ProjectSend Security Vulnerability
ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend r1605: an unauthenticated attacker can download private files by manipulating the download ID parameter, which could lea...
ProjectSend Cross-Site Scripting Vulnerability
ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A cross-site scripting vulnerability exists in ProjectSend version r1605, which stems from improper sanitization of the custom assets configuration page and could lead to a stored cross-site scripting...
ProjectSend Security Vulnerability
ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend cFTP version r1605, which stems from improper sanitization of the user profile name field and could lead to a CSV injection attack...
PT-2025-51943
Name of the Vulnerable Software and Affected Versions ProjectSend version r1605 Description ProjectSend version r1605 contains a CSV injection flaw. Authenticated users can inject malicious formulas into user profile names. An attacker can use a payload like =calc|a!z| within the name field. When...
CVE-2025-13232
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
EUVD-2025-197711
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
CVE-2025-13232 projectsend File Editor/Custom Download Aliases cross site scripting
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to...
CVE-2025-13232
CVE-2025-13232 affects ProjectSend up to r1720, specifically the File Editor/Custom Download Aliases component. The issue is a cross-site scripting vulnerability arising from manipulation of an unknown function within that component, enabling remote exploitation. Public exploit exists and has bee...
PT-2025-47065
Name of the Vulnerable Software and Affected Versions ProjectSend versions prior to r1945 Description A cross-site scripting issue exists in ProjectSend up to version r1720. The flaw is located within the File Editor/Custom Download Aliases component and involves an unknown function. This...
ProjectSend Code Injection Vulnerability
ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A code injection vulnerability exists in ProjectSend r1720 and earlier versions, which stems from a flaw in the File Editor/Custom Download Aliases component and could lead to cross-si...
ProjectSend < r1720 Authentication Bypass (CVE-2024-11680)
Binary data projectsendCVE-2024-11680.nbin...
ProjectSend Web Detection
Binary data projectsendwebdetect.nbin...