CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0607 – Cross-site Scripting (XSS) - Stored in projectsend/projectsend
https://notcve.org/view.php?id=CVE-2023-0607
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. • https://github.com/projectsend/projectsend/commit/698be4ade1db6ae0eaf27c843a03ffc9683cca0a https://huntr.dev/bounties/9294743d-7818-4264-b973-59de027d549b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28874
https://notcve.org/view.php?id=CVE-2020-28874
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). El archivo reset-password.php en ProjectSend versiones anteriores a r1295, permite a atacantes remotos restablecer una contraseña debido a una lógica comercial incorrecta. Los errores no son apropiadamente considerados (un parámetro de token no válido) • https://github.com/varandinawer/CVE-2020-28874 http://projectsend.com https://github.com/projectsend/projectsend/commit/440204734e9a1687cb9887e1c887173d23c5a93e https://github.com/projectsend/projectsend/commits/master https://github.com/projectsend/projectsend/releases/tag/r1295 • CWE-287: Improper Authentication CWE-404: Improper Resource Shutdown or Release •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7201
https://notcve.org/view.php?id=CVE-2018-7201
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. Fue encontrada una inyección de archivo CSV en ProjectSend antes de la versión r1053, afectando a las víctimas que importan los datos en Microsoft Excel. • https://www.projectsend.org/change-log-detail/r1053 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7202
https://notcve.org/view.php?id=CVE-2018-7202
An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. Se ha detectado un problema en ProjectSend antes de R1053. XSS existe en el campo "Name " en la página My Account. • https://www.projectsend.org/change-log-detail/r1053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11533
https://notcve.org/view.php?id=CVE-2019-11533
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. Una vulnerabilidad de cross-site scripting (XSS) en ProjectSend, versiones anteriores a r1070, permite a los atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios. • http://www.securityfocus.com/bid/108088 https://www.projectsend.org/change-log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •