CVE-2015-0258 — CVSS 8.8 (high): Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote…
CVE-2010-4269 — CVSS 7.5 (high): SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2010-5285 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of…
CVE-2013-6872 — CVSS 6.5 (medium): SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL…
CVE-2014-3246 — CVSS 6.5 (medium): SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter…
CVE-2012-2670 — CVSS 6.5 (medium): manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended…
CVE-2020-13655 — CVSS 6.1 (medium): An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and…
CVE-2024-48708 — CVSS 5.4 (medium): Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in…
CVE-2021-3298 — CVSS 5.4 (medium): Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the…
CVE-2024-48706 — CVSS 5.4 (medium): Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a)…
CVE-2024-48707 — CVSS 5.4 (medium): Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within…
CVE-2024-46240 — CVSS 4.8 (medium): Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters…
CVE-2010-5284 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2014-3247 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the…