CVE-2025-13232
projectsend File Editor/Custom Download Aliases cross site scripting
CVSS Score
3.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version r1945 is recommended to address this issue. Patch name: 334da1ea39cb12f6b6e98dd2f80bb033e0c7b845. It is advisable to upgrade the affected component.
| CWE | CWE-79 CWE-94 |
| Vendor | n/a |
| Product | projectsend |
| Published | Nov 16, 2025 |
| Last Updated | Feb 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a projectsend
Be the first to know when new low vulnerabilities affecting n/a projectsend are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / projectsend
r1720
References
vuldb.com: https://vuldb.com/?id.332558 vuldb.com: https://vuldb.com/?ctiid.332558 vuldb.com: https://vuldb.com/?submit.686533 github.com: https://github.com/projectsend/projectsend/pull/1450 github.com: https://github.com/projectsend/projectsend/commit/334da1ea39cb12f6b6e98dd2f80bb033e0c7b845 github.com: https://github.com/projectsend/projectsend/releases/tag/r1945 github.com: https://github.com/projectsend/projectsend/
Credits
Raducu Alexandru-ionut ๐ Xoriath (VulDB User)