CVE-2021-3298

Опубликовано: 29 янв. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.

Ссылки

https://collabtive.o-dyn.de/forum/viewforum.php?f=6
Vendor Advisory
https://www.exploit-db.com/exploits/49468
Exploit
Third Party Advisory
VDB Entry
https://collabtive.o-dyn.de/forum/viewforum.php?f=6
Vendor Advisory
https://www.exploit-db.com/exploits/49468
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:o-dyn:collabtive:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00163

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-3298

CVSS3: 5.4

ubuntu

около 5 лет назад

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.

CVE-2021-3298

CVSS3: 5.4

debian

около 5 лет назад

Collabtive 3.1 allows XSS when an authenticated user enters an XSS pay ...

GHSA-4qgw-rh8c-x346

github

больше 3 лет назад

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.

EPSS

Процентиль: 37%

0.00163

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79