Vulnerabilities > Projectsend > Projectsend > 157
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-26 | CVE-2024-11680 | Incorrect Authorization vulnerability in Projectsend ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. | 9.8 |
| 2024-08-12 | CVE-2024-7658 | Authorization Bypass Through User-Controlled Key vulnerability in Projectsend A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. | 5.3 |
| 2024-08-12 | CVE-2024-7659 | Use of Insufficiently Random Values vulnerability in Projectsend A vulnerability, which was classified as problematic, was found in projectsend up to r1605. | 7.5 |
| 2023-02-01 | CVE-2023-0607 | Unspecified vulnerability in Projectsend Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. | 4.8 |
| 2021-01-26 | CVE-2020-28874 | Improper Resource Shutdown or Release vulnerability in Projectsend reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. | 7.5 |
| 2019-05-22 | CVE-2018-7201 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Projectsend CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | 8.8 |
| 2019-05-22 | CVE-2018-7202 | Cross-site Scripting vulnerability in Projectsend An issue was discovered in ProjectSend before r1053. | 6.1 |
| 2019-04-26 | CVE-2019-11533 | Cross-site Scripting vulnerability in Projectsend Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2019-04-26 | CVE-2019-11492 | Information Exposure Through Log Files vulnerability in Projectsend ProjectSend before r1070 writes user passwords to the server logs. | 7.5 |
| 2018-03-06 | CVE-2017-9786 | Cross-site Scripting vulnerability in Projectsend Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php. | 6.1 |