Vulnerability Description
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| O-Dyn | Collabtive | 1.2 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/33250Exploit
- http://www.securityfocus.com/bid/67343
- http://www.exploit-db.com/exploits/33250Exploit
- http://www.securityfocus.com/bid/67343
FAQ
What is CVE-2014-3247?
CVE-2014-3247 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.ph...
How severe is CVE-2014-3247?
CVE-2014-3247 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3247?
Check the references section above for vendor advisories and patch information. Affected products include: O-Dyn Collabtive.