110 matches found

OSV
added 2022/06/27 2:15 p.m., 15 views

CVE-2017-20101

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zipdownload. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely...

5.7 CVSS, 6.5 AI score
Exploits: 0, References: 3
NVD
added 2021/10/11 11:15 a.m., 8 views

CVE-2021-40888

Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...

5.4 CVSS, 0.00281 EPSS
Exploits: 1, References: 2
NVD
added 2021/10/11 11:15 a.m., 13 views

CVE-2021-40884

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...

8.1 CVSS, 0.00219 EPSS
Exploits: 1, References: 1
OSV
added 2021/10/11 11:15 a.m., 12 views

CVE-2021-40888

Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...

5.4 CVSS, 5.9 AI score
Exploits: 0, References: 2
Prion
added 2021/10/11 11:15 a.m., 16 views

Cross site scripting

Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...

3.5 CVSS, 5.4 AI score, 0.00281 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/10/11 10:46 a.m., 10 views

CVE-2021-40884

Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...

8 AI score, 0.00219 EPSS
Exploits: 1, References: 1
CVE
added 2021/10/11 10:46 a.m., 46 views

CVE-2021-40884

CVE-2021-40884 affects ProjectSend version r1295. The root cause is missing authorization checks for the ids parameter in files-edit.php and the id parameter in process.php, enabling a user with uploader role to download and edit all users’ files. The vulnerability is described across multiple so...

8.1 CVSS, 7.7 AI score, 0.00219 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/10/11 10:4 a.m., 15 views

CVE-2021-40888

Projectsend version r1295 is affected by Cross Site Scripting XSS due to lack of sanitization when echo output data in returnFilesIds function. A low privilege user can call this function through process.php file and execute scripting code...

5.6 AI score, 0.00281 EPSS
Exploits: 1, References: 2
CNNVD
added 2021/10/11 12:0 a.m., 1 views

Projectsend security vulnerability

An information disclosure vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing web application. The vulnerability stems from the ids parameter in files-edit.php and the id parameter in process.php not checking for authorization. An attacker could exploit...

8.1 CVSS, 7.7 AI score, 0.00219 EPSS
Exploits: 1, References: 2
NVD
added 2018/09/14 2:29 a.m., 12 views

CVE-2018-17030

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php...

7.5 CVSS, 7.7 AI score, 0.02297 EPSS
Exploits: 1, References: 1
OSV
added 2018/09/14 2:29 a.m., 10 views

CVE-2018-17030

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php...

7.5 CVSS, 7.6 AI score
Exploits: 0, References: 1
Openbugbounty
added 2018/06/29 8:1 p.m., 9 views

yakult.co.in XSS vulnerability

Open Bug Bounty ID: OBB-638685

Description | Value
---|---
Affected Website: | yakult.co.in
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
Openbugbounty
added 2018/06/04 2:1 a.m., 8 views

dafilmschool.com XSS vulnerability

Open Bug Bounty ID: OBB-626754

Description | Value
---|---
Affected Website: | dafilmschool.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
Openbugbounty
added 2018/04/30 6:29 p.m., 10 views

heartlandbanks.bank XSS vulnerability

Open Bug Bounty ID: OBB-610594

Description | Value
---|---
Affected Website: | heartlandbanks.bank
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
Openbugbounty
added 2018/04/21 3:37 p.m., 9 views

strandvision.com XSS vulnerability

Open Bug Bounty ID: OBB-605952

Description | Value
---|---
Affected Website: | strandvision.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits: 0
Openbugbounty
added 2018/04/10 11:56 a.m., 20 views

data.abcfundraising.com XSS vulnerability

Open Bug Bounty ID: OBB-600089

Description | Value
---|---
Affected Website: | data.abcfundraising.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0
Openbugbounty
added 2018/02/26 12:10 p.m., 12 views

rent2ownnow.com XSS vulnerability

Open Bug Bounty ID: OBB-568966

Description | Value
---|---
Affected Website: | rent2ownnow.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits: 0
Openbugbounty
added 2018/02/06 8:26 p.m., 17 views

contact.pilotonline.com XSS vulnerability

Open Bug Bounty ID: OBB-554216

Description | Value
---|---
Affected Website: | contact.pilotonline.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits: 0
Openbugbounty
added 2017/11/19 5:18 p.m., 23 views

ajet-drains.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-423901

Description | Value
---|---
Affected Website: | ajet-drains.co.uk
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

6.4 AI score
Exploits: 0
Openbugbounty
added 2017/11/19 12:51 p.m., 11 views

shirecroft.co.uk XSS vulnerability

Open Bug Bounty ID: OBB-423559

Description | Value
---|---
Affected Website: | shirecroft.co.uk
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

6.4 AI score
Exploits: 0