Cross-site Scripting (XSS) - Stored in projectsend/projectsend

Valid

Reported on

Jul 2nd 2021

💥 BUG

CSRF bug to delete file

💥 SUMMURY

during batch delete file there is no csrf token present

💥 STEP TO REPRODUCE

1. vulnerable url is http://localhost/projectsend2/manage-files.php?action=delete&batch[]=27&batch[]=31&page=1 .
Here in this url change file-id to delete and open the url and see file is deleted .
So, attacker can send this to any user or admin and when he open this link then file is deleted

💥 IMPACT

Attacker can delete any file using this csrf bug

We have contacted a member of the projectsend team and are waiting to hear back 2 years ago

Ignacio Nelson validated this vulnerability a year ago

ranjit-git has been awarded the disclosure bounty

The fix bounty is now up for grabs

Ignacio Nelson marked this as fixed in r1338 with commit afc564 a year ago

Ignacio Nelson has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation