Vulnerabilities > Projeqtor > Projeqtor > 5.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2021-42940 | Cross-site Scripting vulnerability in Projeqtor A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 3.5 |
| 2018-11-04 | CVE-2018-18924 | Incomplete Cleanup vulnerability in Projeqtor The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. | 6.5 |
| 2017-07-31 | CVE-2017-11760 | Code Injection vulnerability in Projeqtor uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | 6.5 |