Note:
This project will be discontinued after December 13, 2021.
Product: Collabtive (O-Dyn)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 16 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-10-22 | CVE-2024-46240 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file. | Collabtive | 4.8 | ||
2024-10-22 | CVE-2024-48706 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. | Collabtive | 5.4 | ||
2024-10-22 | CVE-2024-48707 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. | Collabtive | 5.4 | ||
2024-10-22 | CVE-2024-48708 | Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. | Collabtive | 5.4 | ||
2020-02-17 | CVE-2015-0258 | Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | Ubuntu_linux, Debian_linux, Collabtive | 8.8 | ||
2021-01-29 | CVE-2021-3298 | Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter. | Collabtive | 5.4 | ||
2020-08-31 | CVE-2020-13655 | An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected. | Collabtive | N/A | ||
2019-12-27 | CVE-2013-5027 | Collabtive 1.0 has incorrect access control | Collabtive | N/A | ||
2019-02-19 | CVE-2019-8935 | Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | Collabtive | 5.4 | ||
2014-05-15 | CVE-2014-3247 | Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php. | Collabtive | N/A | ||