Collabtive Cross Site Scripting and HTML Injection Vulnerabilities

Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.

Enter the value <script>alert(/SV/)</script> in the username field under the "change username" functionality.

Cross-site scripting:
The following example URIs are available:<script>alert(/XSS/)</script><script>alert(/XSS/)</script>


Privacy Statement
Copyright 2010, SecurityFocus