CVE-2023-53906
BaseFortify
Publication date: 2025-12-17
Last updated on: 2025-12-27
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projectsend | projectsend | r1605 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stored cross-site scripting (XSS) issue in projectSend r1605. Authenticated administrators can inject malicious JavaScript code through the custom assets configuration page. When other users load the affected page, the injected script executes, allowing persistent script injection.
How can this vulnerability impact me?
The vulnerability can allow attackers to execute malicious scripts in the context of other users' browsers. This can lead to theft of sensitive information, session hijacking, or unauthorized actions performed on behalf of users, potentially compromising the security and integrity of the application and its users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, first confirm whether the projectSend instance is running version r1605, then check whether JavaScript has been injected through the custom assets page. One approach is to log in as an authenticated administrator and inspect the custom assets at `/custom-assets.php` or `/custom-assets-add.php?language=js` for suspicious JavaScript payloads such as `alert("XSS")`. You can also monitor HTTP POST requests to `/custom-assets-add.php` that carry parameters such as `language=js`, a `content` field holding JavaScript, and `location=public`. For example, fetch the custom assets page with curl and grep for script tags: `curl -s -b cookies.txt https://yourprojectsend/custom-assets.php | grep '<script>'`. Reviewing web server logs for POST requests that inject JavaScript payloads can also reveal exploitation attempts. [1]
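As an added example (not BaseFortify's or the projectSend project's own code), the following Python detector applies the POST-monitoring idea above to a constructed JSON-lines request log, flagging every JavaScript custom-asset submission and marking the ones whose content matches common XSS indicators. The log format and its field names (`ts`, `src`, `method`, `uri`, `body`) are assumptions about what a body-logging reverse proxy or WAF would emit.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed sample log (not real projectSend traffic): one record per request,
# as a body-logging reverse proxy or WAF might write them.
SAMPLE_LOG = """
{"ts":"2025-12-18T10:01:02Z","src":"10.0.0.5","method":"GET","uri":"/custom-assets.php","body":""}
{"ts":"2025-12-18T10:02:11Z","src":"10.0.0.5","method":"POST","uri":"/custom-assets-add.php","body":"language=css&location=public&content=body%7Bcolor%3Ared%7D"}
{"ts":"2025-12-18T10:03:40Z","src":"10.0.0.9","method":"POST","uri":"/custom-assets-add.php","body":"language=js&location=public&content=alert%28%22XSS%22%29"}
{"ts":"2025-12-18T10:04:05Z","src":"10.0.0.9","method":"POST","uri":"/custom-assets-add.php","body":"language=js&location=public&content=console.log%28%27loaded%27%29"}
"""

# Indicators that a stored JavaScript asset does more than cosmetic work.
SUSPICIOUS_JS = re.compile(r"document\.cookie|alert\s*\(|eval\s*\(|<script", re.I)


def flag_custom_asset_posts(log_text: str) -> list[dict]:
    """Return one finding per POST to /custom-assets-add.php that stores JavaScript.

    Every JS submission is reported (an admin adding JS is worth auditing in itself);
    the 'suspicious' flag separates content matching known XSS indicators.
    """
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["method"] != "POST" or not rec["uri"].startswith("/custom-assets-add.php"):
            continue
        # parse_qs URL-decodes the form body; keep only the first value per key.
        params = {k: v[0] for k, v in parse_qs(rec["body"]).items()}
        if params.get("language") != "js":
            continue
        content = params.get("content", "")
        findings.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "location": params.get("location", ""),
            "suspicious": bool(SUSPICIOUS_JS.search(content)),
            "snippet": content[:60],
        })
    return findings


if __name__ == "__main__":
    for f in flag_custom_asset_posts(SAMPLE_LOG):
        print(f)
```

Feed it real proxy or WAF records in the same shape, and treat any finding with `suspicious` set as a candidate for immediate review of the stored asset.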
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting admin access to trusted users only, as the vulnerability requires authenticated administrator privileges to inject malicious scripts. Disable or restrict the use of the custom assets feature if possible. Apply input validation and sanitization on the custom assets configuration page to prevent JavaScript injection. If a patch or updated version is available from the vendor, apply it promptly. Additionally, monitor and audit custom assets for unauthorized or suspicious JavaScript code and remove any malicious entries. [1, 2]