Known Vulnerabilities for products from Projectsend
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Projectsend".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5624 json | Not Provided | 2026-04-06 | 2026-04-06 | |
| CVE-2026-4045 json | Not Provided | 2026-03-12 | 2026-03-12 | |
| CVE-2026-4044 json | Not Provided | 2026-03-12 | 2026-03-12 | |
| CVE-2026-3977 json | Not Provided | 2026-03-12 | 2026-03-12 | |
| CVE-2025-13232 json | Not Provided | 2025-11-16 | 2026-02-24 | |
| CVE-2023-0607 json | Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. | 4.8 - MEDIUM | 2023-02-01 | 2023-02-08 |
| CVE-2021-47947 json | Not Provided | 2026-05-10 | 2026-05-11 | |
| CVE-2021-40888 json | Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in retu... | 5.4 - MEDIUM | 2021-10-11 | 2021-10-18 |
| CVE-2021-40887 json | Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files... | 9.8 - CRITICAL | 2021-10-11 | 2021-10-18 |
| CVE-2021-40886 json | Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for... | 6.5 - MEDIUM | 2021-10-11 | 2021-10-16 |
| CVE-2021-40884 json | Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids param... | 8.1 - HIGH | 2021-10-11 | 2022-07-12 |
| CVE-2020-28874 json | reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logi... | 7.5 - HIGH | 2021-01-26 | 2021-07-21 |
| CVE-2019-11533 json | Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script o... | 6.1 - MEDIUM | 2019-04-26 | 2019-05-01 |
| CVE-2019-11492 json | ProjectSend before r1070 writes user passwords to the server logs. | 7.5 - HIGH | 2019-04-26 | 2019-04-30 |
| CVE-2019-11378 json | An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is ... | 8.8 - HIGH | 2019-04-20 | 2021-07-21 |
| CVE-2018-7202 json | An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. | 6.1 - MEDIUM | 2019-05-22 | 2019-05-23 |
| CVE-2018-7201 json | CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | 8.8 - HIGH | 2019-05-22 | 2020-08-24 |
| CVE-2017-20101 json | A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file... | 5.7 - MEDIUM | 2022-06-27 | 2022-07-07 |
| CVE-2017-9786 json | Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27c... | 6.1 - MEDIUM | 2018-03-06 | 2018-03-27 |
| CVE-2017-9783 json | Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27c... | 6.1 - MEDIUM | 2018-03-06 | 2018-03-27 |
Known software with vulnerabilities from Projectsend
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Projectsend | Projectsend | 100 |