WEB APPLICATION VULNERABILITIES Standard & Premium

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655)

Description

An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.

Remediation

References

Related Vulnerabilities

WebLogic CVE-2018-2625 Vulnerability (CVE-2018-2625)

WordPress Plugin Social Media Widget by Acurax Cross-Site Request Forgery (3.2.5)

Oracle Database Server CVE-2010-2411 Vulnerability (CVE-2010-2411)

Oracle Database Server CVE-2018-3004 Vulnerability (CVE-2018-3004)

WordPress Plugin Htaccess by BestWebSoft Cross-Site Scripting (1.4)

Severity

Medium

Classification

CVE-2020-13655 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities