Cross-site Scripting Vulnerability in ProjectSend by ProjectSend
CVE-2014-9580

Currently unrated

Key Information:

Vendor: Projectsend
Status: Projectsend
Vendor: CVE Published:; 8 January 2015

What is CVE-2014-9580?

A Cross-site Scripting (XSS) vulnerability exists in ProjectSend r561, allowing remote attackers to inject arbitrary web scripts or HTML through the Description field during file uploads. This can lead to malicious scripts being executed in the context of a user's browser, potentially compromising user data and security. Proper validation and sanitization of user input are critical in preventing such vulnerabilities.

References

http://www.exploit-db.com/exploits/35582

exploitx_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/129666

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/99550

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 8, 2015
Vulnerability Reserved
Jan 8, 2015

Projectsend

What is CVE-2014-9580?

References

Timeline