CVE-2024-46240

Name of the Vulnerable Software and Affected Versions Collabtive version 3.1

Description The issue is related to Cross-site scripting (XSS) via specific parameters within the admin.php file. Specifically, the name parameter under action=system and the company and contact parameters under action=addcust are vulnerable. This allows for potential XSS attacks.

Recommendations For Collabtive version 3.1, consider restricting access to the admin.php file and avoid using the vulnerable parameters name, company, and contact in the affected actions until a patch is available. As a temporary workaround, consider disabling the action=system and action=addcust functionalities within the admin.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.