Unknown · Collabtive · CVE-2021-3298
**Name of the Vulnerable Software and Affected Versions**
Collabtive version 3.1
**Description**
The issue allows cross-site scripting (XSS) when an authenticated user enters an XSS payload into the address section of the profile edit page. Specifically, this occurs through the `address1` parameter in the `manageuser.php?action=edit` endpoint.
**Recommendations**
For Collabtive version 3.1, consider restricting access to the `manageuser.php?action=edit` endpoint until a patch is available, and avoid using the `address1` parameter in this endpoint to minimize the risk of exploitation.
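One way to apply this recommendation in front of the application is a request filter that either closes the profile edit endpoint or rejects `address1` values carrying markup characters. This is an added example, not Collabtive code; the function names, the `allow_edit` switch and the sample requests are assumptions, and the body is assumed to be `application/x-www-form-urlencoded`.

```python
from urllib.parse import urlsplit, parse_qs

# Characters that let a value leave HTML text or a double-quoted attribute.
# The apostrophe is left out because it occurs in real street addresses.
MARKUP_CHARS = set('<>"`')

def is_profile_edit(url):
    """True when the URL targets manageuser.php with action=edit."""
    parts = urlsplit(url)
    segments = parts.path.lower().split("/")
    actions = parse_qs(parts.query).get("action", [])
    return "manageuser.php" in segments and "edit" in actions

def check_request(method, url, body="", allow_edit=True):
    """Return (decision, reason); decision is 'allow' or 'block'."""
    if not is_profile_edit(url):
        return ("allow", "not the profile edit endpoint")
    if not allow_edit:
        return ("block", "profile edit endpoint restricted until patched")
    # address1 may arrive in the query string or in the form body.
    fields = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if method.upper() == "POST":
        for key, values in parse_qs(body, keep_blank_values=True).items():
            fields.setdefault(key, []).extend(values)
    for value in fields.get("address1", []):
        found = sorted(MARKUP_CHARS & set(value))
        if found:
            return ("block", "address1 contains markup characters: " + " ".join(found))
    return ("allow", "address1 is plain text")

# Constructed sample requests (hypothetical, not captured traffic).
SAMPLES = [
    ("GET", "/collabtive/index.php", ""),
    ("POST", "/collabtive/manageuser.php?action=edit", "name=alice&address1=12+Main+Street"),
    ("POST", "/collabtive/manageuser.php?action=edit", "name=alice&address1=%3Cb%3EHQ%3C%2Fb%3E"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        print(method, url, "->", check_request(method, url, body))
```

The filter only narrows exposure at the edge; values already stored in user profiles are not touched by it.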