CVE-2008-6946

Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:collabtive:collabtive:0.4.8:*:*:*:*:*:*:*

History

21 Nov 2024, 00:57

Type Values Removed Values Added
References () http://www.securityfocus.com/archive/1/498186/100/0/threaded - () http://www.securityfocus.com/archive/1/498186/100/0/threaded -
References () http://www.securityfocus.com/bid/32229 - () http://www.securityfocus.com/bid/32229 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/46496 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/46496 -
References () https://www.exploit-db.com/exploits/7076 - () https://www.exploit-db.com/exploits/7076 -

Information

Published : 2009-08-12 10:30

Updated : 2024-11-21 00:57


NVD link : CVE-2008-6946

Mitre link : CVE-2008-6946

CVE.ORG link : CVE-2008-6946


JSON object : View

Products Affected

collabtive

  • collabtive
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')