{"id":"CVE-2017-9783","details":"Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated.","modified":"2026-03-14T09:26:50.566323Z","published":"2018-03-06T16:29:00.527Z","references":[{"type":"ADVISORY","url":"https://github.com/ignacionelson/ProjectSend/compare/448/commits"},{"type":"FIX","url":"https://github.com/ignacionelson/ProjectSend/pull/448/commits/6c3710430be26feb5371cb0377e5355d6f9a27ca"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/projectsend/projectsend","events":[{"introduced":"0"},{"last_affected":"b88065c57536e3dd5c717552bfb2042304c08197"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"r754"}]}}],"versions":["r559","r753","r754"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9783.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}