← back
CVE-2020-13655

CVE-2020-13655

EPSS 0.7%
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-collabtive/http://www.collabtive.o-dyn.de/blog/