Security Advisory

CVE-2023-53905

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-17 22:44:44

Last updated 2026-04-07 14:07:27

Assigner VulnCheck

State PUBLISHED

Description

ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files.

← Browse all CVEs View on cve.org ↗