EIP-2026-111535

This is a functional proof-of-concept for a stored XSS vulnerability in Projectsend r1295. The exploit demonstrates how an attacker can inject malicious JavaScript into the 'name' field of a file edit request, which is then executed when viewed by a System Administrator on the Dashboard page.