10 results (0.036 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. • https://github.com/projectsend/projectsend/commit/698be4ade1db6ae0eaf27c843a03ffc9683cca0a https://huntr.dev/bounties/9294743d-7818-4264-b973-59de027d549b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 2

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely. • http://seclists.org/fulldisclosure/2017/Feb/58 https://vuldb.com/?id.97275 https://youtu.be/Xc6Jg9I7Pj4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). El archivo reset-password.php en ProjectSend versiones anteriores a r1295, permite a atacantes remotos restablecer una contraseña debido a una lógica comercial incorrecta. Los errores no son apropiadamente considerados (un parámetro de token no válido) • https://github.com/varandinawer/CVE-2020-28874 http://projectsend.com https://github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e https://github.com/projectsend/projectsend/commits/master https://github.com/projectsend/projectsend/releases/tag/r1295 • CWE-287: Improper Authentication CWE-404: Improper Resource Shutdown or Release •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. Fue encontrada una inyección de archivo CSV en ProjectSend antes de la versión r1053, afectando a las víctimas que importan los datos en Microsoft Excel. • https://www.projectsend.org/change-log-detail/r1053 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. Se ha detectado un problema en ProjectSend antes de R1053. XSS existe en el campo "Name " en la página My Account. • https://www.projectsend.org/change-log-detail/r1053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •