Cross-site Scripting (XSS) - Stored in projectsend/projectsend


Reported on Jul 2nd 2021


Stored XSS during file upload


Check this 1-minute video to reproduce the bug.


A lower-level user can make an XSS attack against the admin. So, using this XSS bug, a lower-level user can execute arbitrary JavaScript in the admin account.

We have contacted a member of the projectsend team and are waiting to hear back 2 years ago
Ignacio Nelson validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Ignacio Nelson marked this as fixed in r1337 with commit 1d045b a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE