2 matches found
CVE-2021-3298
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
Exploit Title: Collabtive 3.1 - 'address' Persistent Cross-Site Scripting Date: 2021-01-23 Exploit Author: Deha Berkin Bir Vendor Homepage: https://collabtive.o-dyn.de/ Version: 3.1 Tested on: Windows & XAMPP CVE: CVE-2021-3298 == Tutorial Executed Payloads " onfocus="alert1" autofocus=" HTML...