Vulnerability Details CVE-2008-6946
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/archive/1/498186/100/0/threaded
- http://www.securityfocus.com/bid/32229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46496
- https://www.exploit-db.com/exploits/7076
- http://www.securityfocus.com/archive/1/498186/100/0/threaded
- http://www.securityfocus.com/bid/32229
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46496
- https://www.exploit-db.com/exploits/7076
Products affected by CVE-2008-6946
-
cpe:2.3:a:collabtive:collabtive:0.4.8