← voltar
CVE-2020-13655

CVE-2020-13655

EPSS 0.7%
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://sisl.lab.uic.edu/projects/chess/cross-site-scripting-in-collabtive/http://www.collabtive.o-dyn.de/blog/