CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| andrew_simpson | webcollab | 2.31 |
| andrew_simpson | webcollab | 1.50 |
| andrew_simpson | webcollab | 2.30 |
| andrew_simpson | webcollab | 1.71 |
| andrew_simpson | webcollab | 3.10 |
| andrew_simpson | webcollab | 1.71a |
| andrew_simpson | webcollab | 1.30 |
| andrew_simpson | webcollab | 1.80 |
| andrew_simpson | webcollab | 2.00 |
| andrew_simpson | webcollab | 1.3 |
| andrew_simpson | webcollab | 3.21 |
| andrew_simpson | webcollab | 1.70 |
| andrew_simpson | webcollab | 2.40 |
| andrew_simpson | webcollab | * |
| andrew_simpson | webcollab | 1.61 |
| andrew_simpson | webcollab | 2.71 |
| andrew_simpson | webcollab | 2.50 |
| andrew_simpson | webcollab | 1.42 |
| andrew_simpson | webcollab | 1.62a |
| andrew_simpson | webcollab | 2.61 |
| andrew_simpson | webcollab | 2.60 |
| andrew_simpson | webcollab | 1.31 |
| andrew_simpson | webcollab | 2.20 |
| andrew_simpson | webcollab | 2.01 |
| andrew_simpson | webcollab | 3.20 |
| andrew_simpson | webcollab | 1.51 |
| andrew_simpson | webcollab | 1.62 |
| andrew_simpson | webcollab | 1.41 |
| andrew_simpson | webcollab | 1.60 |
| andrew_simpson | webcollab | 1.60a |
| andrew_simpson | webcollab | 2.10 |
| andrew_simpson | webcollab | 3.00 |
| andrew_simpson | webcollab | 1.40 |
| andrew_simpson | webcollab | 1.81 |
| andrew_simpson | webcollab | 1.32 |
| andrew_simpson | webcollab | 2.11 |
| andrew_simpson | webcollab | 2.70 |