CVE-2008-6946

Collabtive - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by USH · textwebappsphp

https://www.exploit-db.com/exploits/7076

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46496

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498186/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32229

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7076

Scores

EPSS 0.0384

EPSS Percentile 88.0%

Classification

CWE

CWE-79

Status published

Affected Products (2)

collabtive/collabtive

n/a/n/a

Timeline

Published Aug 12, 2009

Tracked Since Feb 18, 2026