Vulnerabilities > Projectpier > Projectpier
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-07 | CVE-2013-3637 | Cross-site Scripting vulnerability in Projectpier 0.8.8 ProjectPier 0.8.8 does not use the Secure flag for cookies | 3.5 |
| 2020-02-07 | CVE-2013-3636 | Cross-site Scripting vulnerability in Projectpier 0.8.8 ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag | 3.5 |
| 2020-02-07 | CVE-2013-3635 | Cross-site Scripting vulnerability in Projectpier 0.8.8 ProjectPier 0.8.8 has stored XSS | 3.5 |
| 2018-05-16 | CVE-2018-10760 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectpier Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root. | 6.5 |
| 2018-05-16 | CVE-2018-10759 | SQL Injection vulnerability in Projectpier PHP remote file inclusion vulnerability in public/patch/patch.php in Project Pier 0.8.8 and earlier allows remote attackers to execute arbitrary commands or SQL statements via the id parameter. | 7.5 |
| 2018-02-02 | CVE-2015-2796 | Cross-site Scripting vulnerability in Projectpier 0.8.8 Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php. | 4.3 |
| 2011-09-24 | CVE-2011-3797 | Information Exposure vulnerability in Projectpier 0.8.0.3 ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files. | 5.0 |