Vulnerabilities > Projectsend

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-40884 Incorrect Authorization vulnerability in Projectsend R1295
Projectsend version r1295 is affected by sensitive information disclosure.
network
low complexity
projectsend CWE-863
5.5
2021-10-11 CVE-2021-40886 Path Traversal vulnerability in Projectsend R1295
Projectsend version r1295 is affected by a directory traversal vulnerability.
network
low complexity
projectsend CWE-22
4.0
2021-10-11 CVE-2021-40887 Path Traversal vulnerability in Projectsend R1295
Projectsend version r1295 is affected by a directory traversal vulnerability.
network
low complexity
projectsend CWE-22
critical
10.0
2021-10-11 CVE-2021-40888 Cross-site Scripting vulnerability in Projectsend R1295
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function.
3.5
2021-01-26 CVE-2020-28874 Improper Privilege Management vulnerability in Projectsend
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic.
network
low complexity
projectsend CWE-269
5.0
2019-05-22 CVE-2018-7201 Improper Neutralization of Formula Elements in a CSV File vulnerability in Projectsend
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
6.8
2019-05-22 CVE-2018-7202 Cross-site Scripting vulnerability in Projectsend
An issue was discovered in ProjectSend before r1053.
4.3
2019-04-26 CVE-2019-11533 Cross-site Scripting vulnerability in Projectsend
Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML.
4.3
2019-04-26 CVE-2019-11492 Information Exposure Through Log Files vulnerability in Projectsend
ProjectSend before r1070 writes user passwords to the server logs.
network
low complexity
projectsend CWE-532
5.0
2019-04-20 CVE-2019-11378 Unrestricted Upload of File with Dangerous Type vulnerability in Projectsend R1053
An issue was discovered in ProjectSend r1053.
network
low complexity
projectsend CWE-434
6.5