Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1454

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-1454
Last Modified 28 Apr 2009 12:00:00
Published 28 Apr 2009 12:30:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1454

Summary

Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.

Vulnerable Systems

Application

  • Andrew Simpson Webcollab 2.20

  • Andrew Simpson Webcollab 2.30

  • Andrew Simpson Webcollab 2.31

  • Andrew Simpson Webcollab 2.40


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945

MISC - http://holisticinfosec.org/content/view/108/45/

XF - webcollab-tasks-xss(49939)

BID - 34576

OSVDB - 53780

SECUNIA - 34568


Last Updated: 27 May 2016 10:50:34