CVE-2024-48708 — Cross-site Scripting in Collabtive

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 55.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

O-dyn Collabtive

Timeline

PublishedOct 22

Description

Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDo-dyn/collabtive3.1

🔴Vulnerability Details

OSV

CVE-2024-48708: Collabtive 3↗2024-10-22

▶

GHSA

GHSA-69wp-fr5p-gf28: Collabtive 3↗2024-10-22

▶