Collabtive Cross Site Scripting And HTML Injection Vulnerabilities Network Vulnerability

Summary

Collabtive is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Collabtive 0.65 is vulnerable prior versions may also be affected.

References

http://www.collabtive.com/
https://www.securityfocus.com/bid/44050

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability

Collabtive Cross Site Scripting and HTML Injection Vulnerabilities

Take action and discover your vulnerabilities