Cross-site Scripting (XSS) - Stored in projectsend/projectsend


Reported on

Jul 2nd 2021


CSRF bug to delete file


During batch file deletion, there is no CSRF token present.


1. The vulnerable URL is http://localhost/projectsend2/manage-files.php?action=delete&batch[]=27&batch[]=31&page=1 .
In this URL, change the file ID to the one to delete, open the URL, and see that the file is deleted.
So an attacker can send this to any user or admin, and when they open the link, the file is deleted.


An attacker can delete any file using this CSRF bug.

We have contacted a member of the projectsend team and are waiting to hear back 2 years ago
Ignacio Nelson validated this vulnerability a year ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
Ignacio Nelson marked this as fixed in r1338 with commit afc564 a year ago
Ignacio Nelson has been awarded the fix bounty
This vulnerability will not receive a CVE
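
The class of fix for the report above, shown as an added example: it is not ProjectSend's code and not the content of the fix commit. The function names, the `csrf_token` parameter name and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: create (once per session) and return the anti-CSRF token.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hypothetical gate for a batch delete. Returns the validated file ids or throws.
// In a real handler the arguments would be $_SERVER['REQUEST_METHOD'], $_POST, $_SESSION.
function authorize_batch_delete(string $method, array $params, array &$session): array
{
    // A state-changing action must not be reachable by simply opening a link.
    if ($method !== 'POST') {
        throw new RuntimeException('batch delete requires POST');
    }
    // The token must match the one bound to this session (constant-time compare).
    $sent = $params['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token($session), $sent)) {
        throw new RuntimeException('missing or invalid CSRF token');
    }
    $batch = $params['batch'] ?? [];
    if (!is_array($batch)) {
        throw new RuntimeException('batch must be a list');
    }
    // Keep only plain non-negative integer ids.
    $ids = [];
    foreach ($batch as $id) {
        if (is_string($id) && ctype_digit($id)) { $ids[] = (int) $id; }
    }
    return $ids;
}

// Constructed sample requests: the link-style GET from the report, then two POSTs.
$session = [];
$del = ['action' => 'delete', 'batch' => ['27', '31']];
$requests = [
    'GET link, no token' => ['GET', $del],
    'POST, no token'     => ['POST', $del],
    'POST, valid token'  => ['POST', $del + ['csrf_token' => csrf_token($session)]],
];
foreach ($requests as $label => [$method, $params]) {
    try {
        $ids = authorize_batch_delete($method, $params, $session);
        echo "$label: allowed, ids " . implode(',', $ids) . PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})" . PHP_EOL;
    }
}
```

Only the third request is allowed; the GET link and the token-less POST are both rejected before any file id is processed.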