N/A

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.

N/A

N/A

ProjectSend 跨站脚本漏洞

ProjectSend（前称cFTP）是一套基于PHP和MySQL的自托管应用程序。 ProjectSend r561版本中存在跨站脚本漏洞。远程攻击者可借助文件上传中的‘Description’字段利用该漏洞注入任意Web脚本或HTML。

N/A

N/A