Xoriath

**Name of the Vulnerable Software and Affected Versions** ProjectSend versions prior to r1945 **Description** A cross-site scripting issue exists in ProjectSend up to version r1720. The flaw is located within the File Editor/Custom Download Aliases component and involves an unknown function. This manipulation allows for remote execution of cross-site scripting. The exploit has been published. **Recommendations** Upgrade to version r1945 to address this issue.