Vulnerabilities > Projectsend
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-11 | CVE-2021-40884 | Incorrect Authorization vulnerability in Projectsend R1295 Projectsend version r1295 is affected by sensitive information disclosure. | 5.5 |
| 2021-10-11 | CVE-2021-40886 | Path Traversal vulnerability in Projectsend R1295 Projectsend version r1295 is affected by a directory traversal vulnerability. | 4.0 |
| 2021-10-11 | CVE-2021-40887 | Path Traversal vulnerability in Projectsend R1295 Projectsend version r1295 is affected by a directory traversal vulnerability. | 10.0 |
| 2021-10-11 | CVE-2021-40888 | Cross-site Scripting vulnerability in Projectsend R1295 Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. | 3.5 |
| 2021-01-26 | CVE-2020-28874 | Improper Privilege Management vulnerability in Projectsend reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. | 5.0 |
| 2019-05-22 | CVE-2018-7201 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Projectsend CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | 6.8 |
| 2019-05-22 | CVE-2018-7202 | Cross-site Scripting vulnerability in Projectsend An issue was discovered in ProjectSend before r1053. | 4.3 |
| 2019-04-26 | CVE-2019-11533 | Cross-site Scripting vulnerability in Projectsend Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. | 4.3 |
| 2019-04-26 | CVE-2019-11492 | Information Exposure Through Log Files vulnerability in Projectsend ProjectSend before r1070 writes user passwords to the server logs. | 5.0 |
| 2019-04-20 | CVE-2019-11378 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectsend R1053 An issue was discovered in ProjectSend r1053. | 6.5 |