Description

Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.

Remediation

References

CVE-2014-3247

Related Vulnerabilities

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)

Django Improper Authentication Vulnerability (CVE-2013-1443)

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Cross-Site Scripting (1.7.18)

WordPress Plugin Frontend File Manager Arbitrary File Upload (3.9)

WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)

Severity

Medium

Classification

CVE-2014-3247 CWE-707

Tags

Missing Update Known Vulnerabilities