Cross-site scripting (XSS) vulnerability in ProjectSend before r1070 allows remote malicious users to inject arbitrary web script or HTML.
projectsend projectsend