Description
ProjectSend version r1295 is affected by Cross-Site Scripting (XSS) due to a lack of sanitization when the returnFilesIds() function echoes output data. A low-privilege user can call this function through the process.php file and execute script code.
Remediation
References