CVE-2025-13232

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions ProjectSend versions prior to r1945

Description A cross-site scripting issue exists in ProjectSend up to version r1720. The flaw is located within the File Editor/Custom Download Aliases component and involves an unknown function. This manipulation allows for remote execution of cross-site scripting. The exploit has been published.

Recommendations Upgrade to version r1945 to address this issue.

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-13232

Affected Products

Projectsend

CVE-2025-13232

Weakness Enumeration

Related Identifiers

Affected Products

References · 14