OpenCollab version 1.4.3 suffers from a persistent cross-site scripting vulnerability.
------------------------------------------------------------------------
Software................OpenCollab 1.4.3
Vulnerability...........Persistent Cross-site Scripting
Threat Level............Moderate (2/5)
Download................https://www.opencollab.de/
Vendor Contact Date.....3/10/2011
Disclosure Date.........3/24/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................https://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A persistent cross-site scripting vulnerability in OpenCollab 1.4.3
can be exploited to execute arbitrary JavaScript.
--Exploit--
Data submitted to several fields of the user profile is not properly
sanitized and is displayed unencoded throughout the application.
--PoC--
<script>alert(0)</script>
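
The fix for the condition described under --Exploit-- is to encode profile values at output time. The PHP below is an added example, not OpenCollab code and not part of the original advisory. It assumes a PHP code base (the advisory only says it was tested under XAMPP), and the field names and helper functions are hypothetical.

```php
<?php
// Added example: field names and helpers are hypothetical, not OpenCollab's.

// Constructed sample profile record; 'name' holds the advisory's PoC string.
$profile = [
    'name'     => '<script>alert(0)</script>',
    'location' => 'Berlin "Mitte"',
];

// Pattern the advisory describes: the stored value is echoed unencoded.
function render_profile_unencoded(array $p): string
{
    return '<div class="profile"><h2>' . $p['name'] . '</h2>'
         . '<input name="location" value="' . $p['location'] . '"></div>';
}

// Encode for the HTML context (element body and quoted attribute values).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: every profile value passes through h() when rendered.
function render_profile_encoded(array $p): string
{
    return '<div class="profile"><h2>' . h($p['name']) . '</h2>'
         . '<input name="location" value="' . h($p['location']) . '"></div>';
}

// Regression check: does any stored value containing HTML metacharacters
// appear verbatim (unencoded) in the rendered page?
function contains_unencoded_value(string $html, array $p): bool
{
    foreach ($p as $value) {
        if (preg_match('/[<>"\']/', $value) && strpos($html, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Run the check against both renderings and show the encoded markup.
var_dump(contains_unencoded_value(render_profile_unencoded($profile), $profile));
var_dump(contains_unencoded_value(render_profile_encoded($profile), $profile));
echo render_profile_encoded($profile), PHP_EOL;
```

Because the advisory says the values are displayed throughout the application, the encoding helper has to be applied in every template that prints a profile field, not only on the profile page itself.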