6 matches found
CVE-2024-48707
Collabtive 3.1 is vulnerable to Cross-site scripting XSS via the name parameter under a action=add or action=edit within managemilestone.php file and b action=addpro within admin.php file...
CVE-2024-48707
Collabtive 3.1 is vulnerable to Cross-site scripting XSS via the name parameter under a action=add or action=edit within managemilestone.php file and b action=addpro within admin.php file...
CVE-2024-48707
CVE-2024-48707 affects Collabtive 3.1. The vulnerability is an XSS in the web UI triggered by the name parameter in two endpoints: (a) managemilestone.php when action=add or action=edit, and (b) admin.php when action=addpro. The underlying cause is unsanitized/unvalidated input in these parameter...
CVE-2024-48707
Collabtive 3.1 is vulnerable to Cross-site scripting XSS via the name parameter under a action=add or action=edit within managemilestone.php file and b action=addpro within admin.php file...
CVE-2024-48707
Collabtive 3.1 is vulnerable to Cross-site scripting XSS via the name parameter under a action=add or action=edit within managemilestone.php file and b action=addpro within admin.php file...
Collabtive 1.x Multiple vulnerabilities
Уязвимость позволяет удаленному пользователю выполнить произвольные SQL команды в базе данных приложения. 1. Уязвимость существует из-за недостаточной обработки входных данных в HTTP POST параметре "name" в managetask.php, managemilestone.php и manageproject.php когда "action" установлен в "edit"...