Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
collabtive vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-3247
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
O-dyn Collabtive 1.2
1 EDB exploit
6.8
CVSSv2
CVE-2010-5285
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote malicious users to hijack the authentication of administrators for requests that add administrative users via the edituser action.
O-dyn Collabtive 0.6.5
1 EDB exploit
4.3
CVSSv2
CVE-2010-5284
Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the...
O-dyn Collabtive 0.6.5
1 EDB exploit
3.5
CVSSv2
CVE-2021-3298
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
O-dyn Collabtive 3.1
7.5
CVSSv2
CVE-2010-4269
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote malicious users to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
O-dyn Collabtive 0.6.5
1 EDB exploit
6.5
CVSSv2
CVE-2015-0258
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive prior to 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
O-dyn Collabtive
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2