Vulnerabilities > Projeqtor

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-11	CVE-2021-42940	Cross-site Scripting vulnerability in Projeqtor A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. network low complexity projeqtor CWE-79 critical	9.9
2018-11-04	CVE-2018-18924	Incomplete Cleanup vulnerability in Projeqtor The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. network low complexity projeqtor CWE-459	8.8
2017-07-31	CVE-2017-11760	Code Injection vulnerability in Projeqtor uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. network low complexity projeqtor CWE-94	8.8

Vulnerabilities > Projeqtor {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Projeqtor"}]}