CVE-2024-48706Cross-site Scripting in Collabtive

CWE-79Cross-site ScriptingCWE-208Observable Timing Discrepancy4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 55.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
O-dyn Collabtive
Timeline
PublishedOct 22
Latest updateNov 5

Description

Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-jp89-qg38-336v: Collabtive 32024-10-22
OSV
CVE-2024-48706: Collabtive 32024-10-22

📋Vendor Advisories

1
Red Hat
kernel: x86/lam: Disable ADDRESS_MASKING in most cases2024-11-05
CVE-2024-48706 — Cross-site Scripting in Collabtive | cvebase