Description
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.