O-Dyn >> Collabtive: Security Vulnerabilities
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2024-10-22
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2024-10-22
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.
CVSS Score: 5.4 | EPSS Score: 0.0 | Published: 2024-10-22
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.
CVSS Score: 4.8 | EPSS Score: 0.0 | Published: 2024-10-22
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-01-29
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-08-31
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
CVSS Score: 8.8 | EPSS Score: 0.135 | Published: 2020-02-17
Collabtive 1.0 has incorrect access control.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2019-12-27
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2019-02-19
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
CVSS Score: 4.3 | EPSS Score: 0.008 | Published: 2014-05-15

