Vulnerabilities > Projectsend > Projectsend > r756

DATE CVE VULNERABILITY TITLE RISK
2024-11-26 CVE-2024-11680 Incorrect Authorization vulnerability in Projectsend
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.
network
low complexity
projectsend CWE-863
critical
9.8
2024-08-12 CVE-2024-7658 Authorization Bypass Through User-Controlled Key vulnerability in Projectsend
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605.
network
low complexity
projectsend CWE-639
5.3
2024-08-12 CVE-2024-7659 Use of Insufficiently Random Values vulnerability in Projectsend
A vulnerability, which was classified as problematic, was found in projectsend up to r1605.
network
low complexity
projectsend CWE-330
7.5
2023-02-01 CVE-2023-0607 Unspecified vulnerability in Projectsend
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.
network
low complexity
projectsend
4.8
2021-01-26 CVE-2020-28874 Improper Resource Shutdown or Release vulnerability in Projectsend
reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic.
network
low complexity
projectsend CWE-404
7.5
2019-05-22 CVE-2018-7202 Cross-site Scripting vulnerability in Projectsend
An issue was discovered in ProjectSend before r1053.
network
low complexity
projectsend CWE-79
6.1