Published: 26/11/2012 Updated: 13/08/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
o-dyn collabtive 0.6.5

Debian Bug report logs - #695348 collabtive: XSS and CSRF issues Package: collabtive; Maintainer for collabtive is Gunnar Wolf <gwolf@debianorg>; Source for collabtive is src:collabtive (PTS, buildd, popcon) Reported by: "Thijs Kinkhorst" <thijs@debianorg> Date: Fri, 7 Dec 2012 13:03:01 UTC Severity: important Ta ...

ANATOLIA SECURITY ADVISORY ------------------------------------ ### ADVISORY INFO ### + Title: Collabtive Multiple Vulnerabilities + Advisory URL: wwwanatoliasecuritycom/adv/as-adv-2010-003txt + Advisory ID: 2010-003 + Version: 065 + Date: 12/10/2010 + Impact: Gaining Administrative Privileges - Execute Malicious Javascript Codes + CWE ...

CWE-79 http://secunia.com/advisories/41805 http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt http://www.securityfocus.com/bid/44050 http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt http://www.exploit-db.com/exploits/15240 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695348 https://nvd.nist.gov https://www.exploit-db.com/exploits/15240/

CVE-2010-5284

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect