CVE-2014-3247
Collabtive 1.2 contains a Stored XSS in the Add Project (admin.php?action=addpro) path. The desc parameter value is copied into the HTML document as plain text between tags, allowing arbitrary JavaScript execution. Affected product/version: Collabtive 1.12; fixed in version 2.0. Impact: authentic...