Unrated severityNVD Advisory· Published Apr 28, 2009· Updated Apr 23, 2026

CVE-2009-1454

Description

Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.

Affected products

Andrew Simpson/Webcollab4 versions
cpe:2.3:a:andrew_simpson:webcollab:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:andrew_simpson:webcollab:*:*:*:*:*:*:*:*range: <=2.40
- cpe:2.3:a:andrew_simpson:webcollab:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_simpson:webcollab:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:andrew_simpson:webcollab:2.31:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

holisticinfosec.org/content/view/108/45/nvdPatch
sourceforge.net/project/shownotes.phpnvdPatch
secunia.com/advisories/34568nvdVendor Advisory
www.osvdb.org/53780nvd
www.securityfocus.com/bid/34576nvd
exchange.xforce.ibmcloud.com/vulnerabilities/49939nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000