CVE-2021-3298 – Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-3298
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
• https://www.exploit-db.com/exploits/49468
• https://collabtive.o-dyn.de/forum/viewforum.php?f=6
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-8935 – Collabtive 3.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-8935
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. Collabtive version 3.1 suffers from a cross-site scripting vulnerability.
• https://www.netsparker.com/web-applications-advisories/ns-18-052-reflected-cross-site-scripting-in-collabtive
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')