An issue exists in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
o-dyn collabtive |