CVE-2017-9786

Name of the Vulnerable Software and Affected Versions ProjectSend (formerly cFTP) versions before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Description field in "My account Name updated", related to home.php and actions-log.php.

Recommendations For versions before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca, update to a version that includes commit 6c3710430be26feb5371cb0377e5355d6f9a27ca or later to resolve the issue. As a temporary workaround, consider restricting input to the Description field to minimize the risk of exploitation.