Cross-site Scripting (XSS) - Reflected in projectsend/projectsend

Valid

Reported on Jul 2nd 2021


💥 BUG

Reflected XSS

💥 STEP TO REPRODUCE

1. Log in to your account and visit the URL http://localhost/projectsend2/process.php?do=return_files_ids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert()%3E and see that the XSS is executed

💥 IMPACT

An attacker can execute arbitrary JavaScript in the victim's account using this XSS

We have contacted a member of the projectsend team and are waiting to hear back (5 months ago)
ranjit-git submitted a
4 months ago
Ignacio Nelson confirmed that a fix has been merged on 0a30d0 (4 months ago)
ranjit-git has been awarded the fix bounty
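
One way to close the reflection described in the report, as an added example that is neither ProjectSend's code nor the merged fix: it assumes the `return_files_ids` action echoes the submitted `files[n][value]` entries back and that those values are meant to be numeric file IDs. The function names `collect_file_ids` and `respond_with_ids` are hypothetical.

```php
<?php
// Added example: hypothetical handler, not ProjectSend's actual process.php.
// Assumption: files[n][value] entries are expected to be numeric file IDs.

/**
 * Keep only entries whose value is a positive integer ID; drop everything else.
 */
function collect_file_ids(array $files): array
{
    $ids = [];
    foreach ($files as $entry) {
        if (!is_array($entry) || !isset($entry['value']) || !is_string($entry['value'])) {
            continue;
        }
        // ctype_digit() rejects any value containing quotes, angle brackets
        // or other non-digit characters, so markup never reaches the output.
        if (ctype_digit($entry['value']) && (int) $entry['value'] > 0) {
            $ids[] = (int) $entry['value'];
        }
    }
    return array_values(array_unique($ids));
}

/**
 * Emit the IDs as JSON so the browser does not parse the response as HTML.
 */
function respond_with_ids(array $ids): void
{
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    // JSON_HEX_* escapes <, >, &, ' and " as a second layer if strings are ever added.
    echo json_encode($ids, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample input: the decoded query string from the report,
// plus one clean entry. Used only when no request data is present (CLI run).
$files = $_GET['files'] ?? [
    ['name' => 'batch[]', 'value' => '32'],
    ['name' => 'batch[]', 'value' => '32\'"><img src=x onerror=alert()>'],
];
if (!is_array($files)) {
    $files = [];
}

respond_with_ids(collect_file_ids($files));
```

Validation on input and a non-HTML content type on output are independent controls; either one alone stops this reflection from being rendered as markup.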