Vulnerability Details CVE-2009-1454
Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://holisticinfosec.org/content/view/108/45/
- http://secunia.com/advisories/34568
- http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945
- http://www.osvdb.org/53780
- http://www.securityfocus.com/bid/34576
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49939
- http://holisticinfosec.org/content/view/108/45/
- http://secunia.com/advisories/34568
- http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945
- http://www.osvdb.org/53780
- http://www.securityfocus.com/bid/34576
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49939
Products affected by CVE-2009-1454
-
cpe:2.3:a:andrew_simpson:webcollab:1.3
-
cpe:2.3:a:andrew_simpson:webcollab:1.30
-
cpe:2.3:a:andrew_simpson:webcollab:1.31
-
cpe:2.3:a:andrew_simpson:webcollab:1.32
-
cpe:2.3:a:andrew_simpson:webcollab:1.40
-
cpe:2.3:a:andrew_simpson:webcollab:1.41
-
cpe:2.3:a:andrew_simpson:webcollab:1.42
-
cpe:2.3:a:andrew_simpson:webcollab:1.50
-
cpe:2.3:a:andrew_simpson:webcollab:1.51
-
cpe:2.3:a:andrew_simpson:webcollab:1.60
-
cpe:2.3:a:andrew_simpson:webcollab:1.60a
-
cpe:2.3:a:andrew_simpson:webcollab:1.61
-
cpe:2.3:a:andrew_simpson:webcollab:1.62
-
cpe:2.3:a:andrew_simpson:webcollab:1.62a
-
cpe:2.3:a:andrew_simpson:webcollab:1.70
-
cpe:2.3:a:andrew_simpson:webcollab:1.71
-
cpe:2.3:a:andrew_simpson:webcollab:1.71a
-
cpe:2.3:a:andrew_simpson:webcollab:1.80
-
cpe:2.3:a:andrew_simpson:webcollab:1.81
-
cpe:2.3:a:andrew_simpson:webcollab:2.00
-
cpe:2.3:a:andrew_simpson:webcollab:2.01
-
cpe:2.3:a:andrew_simpson:webcollab:2.10
-
cpe:2.3:a:andrew_simpson:webcollab:2.11
-
cpe:2.3:a:andrew_simpson:webcollab:2.20
-
cpe:2.3:a:andrew_simpson:webcollab:2.30
-
cpe:2.3:a:andrew_simpson:webcollab:2.31
-
cpe:2.3:a:andrew_simpson:webcollab:2.40