Description
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4791)
OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2022-1434)
WordPress Plugin Timed Popup Cross-Site Request Forgery (1.3)
WordPress Plugin cloudsafe365_for_WP 'file' Parameter Remote File Disclosure (1.46)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2081)