Description ProjectSend before r1070 writes user passwords to the server logs. Remediation References CVE-2019-11492 Related Vulnerabilities Drupal Core 7.x Security Bypass (7.0 - 7.55) Oracle Database Server Other Vulnerability (CVE-2001-0942) MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-15596) Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4370) Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-12028) Severity High Classification CVE-2019-11492 CWE-532 Tags Missing Update Known Vulnerabilities