Vulnerabilities
Vulnerable Software
O-Dyn:  >> Collabtive  >> 3.1  Security Vulnerabilities
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-10-22
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-10-22
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-10-22
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-10-22
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-01-29
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-08-31
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-02-19


Contact Us

Shodan ® - All rights reserved