CVE-2017-9783

Name of the Vulnerable Software and Affected Versions ProjectSend versions prior to commit 6c3710430be26feb5371cb0377e5355d6f9a27ca

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name update. This could potentially lead to unauthorized actions on the affected system.

Recommendations For versions prior to commit 6c3710430be26feb5371cb0377e5355d6f9a27ca, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting user input in the Description field to minimize the risk of exploitation.