
OpenCollab 1.4.3 Cross Site Scripting

Posted on 24 March 2011

------------------------------------------------------------------------
Software................OpenCollab 1.4.3
Vulnerability...........Persistent Cross-site Scripting
Threat Level............Moderate (2/5)
Download................http://www.opencollab.de/
Vendor Contact Date.....3/10/2011
Disclosure Date.........3/24/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------

--Description--

A persistent cross-site scripting vulnerability in OpenCollab 1.4.3 can be
exploited to execute arbitrary JavaScript.

--Exploit--

Data submitted to several fields of the user profile is not properly
sanitized and is displayed unencoded throughout the application.

--PoC--

<script>alert(0)</script>
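The flaw described under --Exploit-- (stored profile data written to the page unencoded) is shown here beside its output-encoded form, with a regression check that flags the unencoded path. This is an added illustration, not OpenCollab code; the field names and function names are hypothetical, and the sample profile row is constructed.

```php
<?php
// Added illustration; not OpenCollab code. Field and function names are hypothetical.

// Constructed sample profile row as read back from storage.
// 'name' holds the PoC string from the advisory; 'company' is a benign
// value that still contains HTML metacharacters.
$profile = [
    'name'    => '<script>alert(0)</script>',
    'company' => 'Smith & "Sons"',
];

// Before: stored values are concatenated into the page unencoded.
function render_profile_unencoded(array $p): string
{
    return '<h2>' . $p['name'] . '</h2>'
         . '<input name="company" value="' . $p['company'] . '">';
}

// Encode a value for HTML text or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every stored field is encoded at the point of output.
function render_profile_encoded(array $p): string
{
    return '<h2>' . h($p['name']) . '</h2>'
         . '<input name="company" value="' . h($p['company']) . '">';
}

// Regression check: a stored value containing HTML metacharacters must
// not appear verbatim in the rendered page.
function leaks_raw_value(string $html, array $p): bool
{
    foreach ($p as $value) {
        if (strpbrk($value, '<>&"\'') !== false && strpos($html, $value) !== false) {
            return true;
        }
    }
    return false;
}

var_dump(leaks_raw_value(render_profile_unencoded($profile), $profile));
var_dump(leaks_raw_value(render_profile_encoded($profile), $profile));
```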

 
