Vulnerabilities > Projectsend
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-06 | CVE-2017-9783 | Cross-site Scripting vulnerability in Projectsend Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated. | 6.1 |
| 2017-06-18 | CVE-2017-9741 | Improper Input Validation vulnerability in Projectsend R754 install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | 9.8 |