WEB APPLICATION VULNERABILITIES Standard & Premium

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7202)

Description

An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page.

Remediation

References

Related Vulnerabilities

WordPress Plugin Social Like Box and Page by WpDevArt Unspecified Vulnerability (0.8.39)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19970)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5504)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.24)

WordPress Other Vulnerability (CVE-2006-0733)

Severity

Medium

Classification

CVE-2018-7202 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities