Vulnerabilities > Projectsend > Projectsend

DATE CVE VULNERABILITY TITLE RISK
2024-11-26 CVE-2024-11680 Incorrect Authorization vulnerability in Projectsend
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.
network
low complexity
projectsend CWE-863
critical
9.8
2024-08-12 CVE-2024-7658 Authorization Bypass Through User-Controlled Key vulnerability in Projectsend
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605.
network
low complexity
projectsend CWE-639
5.3
2024-08-12 CVE-2024-7659 Use of Insufficiently Random Values vulnerability in Projectsend
A vulnerability, which was classified as problematic, was found in projectsend up to r1605.
network
low complexity
projectsend CWE-330
7.5
2023-02-01 CVE-2023-0607 Unspecified vulnerability in Projectsend
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.
network
low complexity
projectsend
4.8
2022-06-27 CVE-2017-20101 Authorization Bypass Through User-Controlled Key vulnerability in Projectsend R754
A vulnerability, which was classified as problematic, was found in ProjectSend r754.
network
low complexity
projectsend CWE-639
5.7
2021-10-11 CVE-2021-40884 Missing Authorization vulnerability in Projectsend R1295
Projectsend version r1295 is affected by sensitive information disclosure.
network
low complexity
projectsend CWE-862
8.1
2021-10-11 CVE-2021-40886 Path Traversal vulnerability in Projectsend R1295
Projectsend version r1295 is affected by a directory traversal vulnerability.
network
low complexity
projectsend CWE-22
6.5
2021-10-11 CVE-2021-40887 Path Traversal vulnerability in Projectsend R1295
Projectsend version r1295 is affected by a directory traversal vulnerability.
network
low complexity
projectsend CWE-22
critical
9.8
2021-10-11 CVE-2021-40888 Cross-site Scripting vulnerability in Projectsend R1295
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function.
network
low complexity
projectsend CWE-79
5.4
2021-01-26 CVE-2020-28874 Improper Resource Shutdown or Release vulnerability in Projectsend
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic.
network
low complexity
projectsend CWE-404
7.5