Projectpier · Projectpier-Core · CVE-2015-2796
**Name of the Vulnerable Software and Affected Versions**
ProjectPier-Core (affected versions not specified)
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters include the `search for` parameter in the following API endpoints: "search by tag.php", "search contacts.php", or "search.php".
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.