Cross Site Scripting Vulnerability in Projectsend by Projectsend
CVE-2021-40888

5.4MEDIUM

Key Information:

Vendor: Projectsend
Status: Projectsend
Vendor: CVE Published:; 11 October 2021

What is CVE-2021-40888?

A Cross Site Scripting vulnerability exists in Projectsend version r1295, where improper sanitization of data in the returnFilesIds() function allows low privilege users to execute arbitrary scripting code via the process.php file. This flaw poses a risk of executing malicious scripts within the context of the affected application, potentially compromising user data and security.

References

https://github.com/projectsend/projectsend/issues/995

x_refsource_MISC

https://github.com/projectsend/projectsend/releases/tag/r...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 11, 2021
Vulnerability Reserved
Sep 13, 2021