Vulnerabilities > Projeqtor > Projeqtor > 7.0.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2021-42940 | Cross-site Scripting vulnerability in Projeqtor A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 9.9 |
2018-11-04 | CVE-2018-18924 | Incomplete Cleanup vulnerability in Projeqtor The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable filenames, after a "This file is not a valid image" error message. | 8.8 |