Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ProjectSend Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-53906 - Vulnerability Database
ProjectSend

ProjectSend Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-53906

Medium
Reference: CVE-2023-53906
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-53906
Title: ProjectSend Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users load the affected page enabling persistent script injection.