Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3247Cross-site Scripting in Collabtive

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
1.3%
top 20.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
O-dyn Collabtive
Timeline
PublishedMay 15
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-grc5-9gxr-3299: Cross-site scripting (XSS) vulnerability in Collabtive 12022-05-17

💥Exploits & PoCs

1
Exploit-DB
Collabtive 1.2 - Persistent Cross-Site Scripting2014-05-08
CVE-2014-3247 — Cross-site Scripting in Collabtive | cvebase