Description

Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.

Remediation

References

CVE-2014-3247

Related Vulnerabilities

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.11)

PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11045)

Apache Tomcat Other Vulnerability (CVE-2011-1419)

WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)

MySQL CVE-2014-0431 Vulnerability (CVE-2014-0431)

Severity

Medium

Classification

CVE-2014-3247 CWE-707

Tags

Missing Update Known Vulnerabilities