Collabtive Cross Site Scripting and HTML Injection Vulnerabilities
Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
Enter the value <script>alert(/SV/)</script> in the username field under the "change username" functionality.
The following example URIs are available: