Description
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Check & Log Email Cross-Site Scripting (0.3)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4792)
WordPress Plugin SE HTML5 Album Audio Player Directory Traversal (1.1.0)
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35543)
WordPress Plugin Widget Logic Cross-Site Request Forgery (5.9.0)