CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11492
https://notcve.org/view.php?id=CVE-2019-11492
ProjectSend before r1070 writes user passwords to the server logs. ProjectSend versiones anteriores a la r1070 escribe las contraseñas de usuario en los registros del servidor. • https://www.projectsend.org/change-log • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9786
https://notcve.org/view.php?id=CVE-2017-9786
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php. Vulnerabilidad de Cross-Site Scripting (XSS) en ProjectSend (anteriormente cFTP) en versiones anteriores al commit con ID 6c3710430be26feb5371cb0377e5355d6f9a27ca permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo Description en un nombre actualizado en My account. Esto se relaciona con home.php y actions-log.php. • https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9783
https://notcve.org/view.php?id=CVE-2017-9783
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated. Vulnerabilidad de Cross-Site Scripting (XSS) en ProjectSend (anteriormente cFTP) en versiones anteriores al commit con ID 6c3710430be26feb5371cb0377e5355d6f9a27ca permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo Description en un nombre de sitio actualizado. • https://github.com/ignacionelson/ProjectSend/compare/448/commits https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •