Unrated severityNVD Advisory· Published Aug 31, 2020· Updated Aug 4, 2024
CVE-2020-13655
CVE-2020-13655
Description
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
Affected products
2- Collabtive/Collabtivedescription
- Range: >=3.0
Patches
Vulnerability mechanics
References
2- www.collabtive.o-dyn.de/blog/mitrex_refsource_MISC
- sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-collabtive/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.