Vulnerability Details CVE-2009-1773
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html
- http://secunia.com/advisories/35079
- http://www.securityfocus.com/bid/35022
- http://pridels-team.blogspot.com/2009/05/activecollab-xss-and-full-path.html
- http://secunia.com/advisories/35079
- http://www.securityfocus.com/bid/35022
Products affected by CVE-2009-1773
-
cpe:2.3:a:activecollab:activecollab:2.1.0