EUVD-2021-34807

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...

CVE-2021-47947

CVE-2021-47947 affects Projectsend (r1295). A stored XSS exists in the files-edit.php name parameter: authenticated attackers can submit crafted input to inject JavaScript that executes in other users’ browsers, notably impacting System Administrator users on the Dashboard page. The issue is caus...

CVE-2021-47947

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...

CVE-2021-47947 Projectsend r1295 Stored Cross-Site Scripting via files-edit.php

Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit.php. Attackers can inject JavaScript payloads through the file name field that execute in the...

ProjectSend 跨站脚本漏洞

ProjectSend cFTP is an open-source set of self-hosted applications based on PHP and MySQL by ProjectSend. Version r1295 of ProjectSend contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting vulnerability in the files-edit.php file, which could...

CVE-2012-6101

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to 1 backup/backupfilesedit.php, 2 comment/commentpost.php, 3...