CVE-2023-53906

Medium CVSS: 5.1

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users load the affected page, enabling persistent script injection.

Vendor

Projectsend

Product

Projectsend

CWE

CWE-79

Yayın Tarihi

2025-12-17 23:15:48

Güncelleme

2025-12-27 17:15:42

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Projectsend MEDIUM Projectsend 2025

Referanslar

https://www.exploit-db.com/exploits/51518 https://www.projectsend.org/ https://www.vulncheck.com/advisories/projectsend-stored-cross-site-scripting-via-custom-assets-page https://www.exploit-db.com/exploits/51518

Benzer Kayıtlar

High

CVE-2023-53980

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by mani…

High

CVE-2023-53930

ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to do…

Medium

CVE-2023-53905

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas in…