CVE-2025-13232
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version r1945 is recommended to address this issue. Patch name: 334da1ea39cb12f6b6e98dd2f80bb033e0c7b845. It is advisable to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-16
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-11-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-13232
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
projectsend projectsend *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can allow an attacker to execute cross-site scripting attacks remotely, which may lead to the injection of malicious scripts into the affected application. This can result in limited integrity impact, such as unauthorized script execution in the context of the user, potentially leading to session hijacking or other malicious actions. However, there is no direct impact on confidentiality or availability according to the CVSS scores.

Executive Summary

This vulnerability is a flaw in the projectsend software up to revision 1720, specifically in an unknown function related to the File Editor/Custom Download Aliases component. It allows an attacker to perform a cross-site scripting (XSS) attack remotely by manipulating this component. The vulnerability has been publicly disclosed and an exploit exists. Upgrading to version r1945 is recommended to fix this issue.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to upgrade projectsend to version r1945 or later, as this version addresses the issue. Applying the patch named 334da1ea39cb12f6b6e98dd2f80bb033e0c7b845 is also advisable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-13232. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart