Description: Application insert HTTP "y" parameter in "manageajax.php"
and HTTP "pic"
parameter in "thumb.php" into html output and fails while sanitize user
supplied these
inputs. Attackers can execute malicious javascript codes or hijacking
PHPSESSID for
privilege escalation.
Exploit/POC:
http://target/manageajax.php?action=newcal&y=<script>alert(/XSS/)</script>
http://target/thumb.php?pic=<script>alert(/XSS/)</script>
Description: Collabtive affects from Cross-site Request Forgery.
Technically, attacker
can create a specially crafted page and force collabtive administrators
to visit it and
can gain administrative privilege. For prevention from CSRF
vulnerabilities, application
needs anti-csrf token, captcha and asking old password for critical actions.
Exploit/POC:
http://www.anatoliasecurity.com/exploits/collabtive-csrf-xploit.txt
Description: Collabtive has Stored Cross-site Scripting vulnerability.
Every user can
change their usernames and application allows HTML codes and stores in
database.
Exploit/POC: Change username to "user<script>alert(/AS/)</script>".