CVE-2008-6946

Collabtive 0.4.8 - Stored Cross-Site Scripting in Project Name via manageproject.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6946. PoCs published by USH.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Collabtive 0.4.8, including stored XSS, authentication bypass, and arbitrary file upload. It provides root cause analysis, exploitation steps, and technical details without functional exploit code.

Description

Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by USH · textwebappsphp
https://www.exploit-db.com/exploits/7076

This is a detailed technical writeup describing multiple vulnerabilities in Collabtive 0.4.8, including stored XSS, authentication bypass, and arbitrary file upload. It provides root cause analysis, exploitation steps, and technical details without functional exploit code.

Classification
Writeup 100%
Attack Type
Xss | Auth Bypass | Other
Complexity
Moderate
Reliability
Reliable
Target: Collabtive 0.4.8
Auth required
Prerequisites: Administrator access for XSS · No authentication for auth bypass · Project assignment for file upload
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46496
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7076
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498186/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32229

Scores

EPSS 0.0343
EPSS Percentile 87.4%

Details

CWE
CWE-79
Status published
Products (1)
collabtive/collabtive 0.4.8
Published Aug 12, 2009
Tracked Since Feb 18, 2026