EUVD-2019-18323

Malware in sbrugna...

CVE-2019-8935

Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter...

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

Cross site scripting

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

CVE-2021-3298

CVE-2021-3298 affects Collabtive 3.1 where an authenticated user can trigger a persistent XSS by submitting a payload in the Address field during profile editing (manageuser.php?action=edit address1). Multiple connected sources (e.g., Exploit-DB entry for the 3.1 XSS payload, Red Hat/NVD/NASL-sty...

CVE-2021-3298

Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter...

Collabtive Code Issue Vulnerability

Collabtive is a web-based project management system. The system includes features such as project management, document management and time tracking. A code issue vulnerability exists in the avatar upload function of the manageuser.php file in Collabtive versions prior to 2.1, which can be exploit...

CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...

UBUNTU-CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...

CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...

Cross site scripting

Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter...

CVE-2019-8935

Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter...

CVE-2019-8935

Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter...

CVE-2019-8935

CVE-2019-8935 corresponds to a stored/reflected XSS in Collabtive 3.1. The vulnerability is triggered via the manageuser.php?action=profile id parameter, allowing injection that could affect an authenticated user. Connected sources provide multiple vendor/cve references confirming the XSS impact ...

Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability

No description provided by source. Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...

CVE-2010-5284

Multiple cross-site scripting XSS vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the 1 User parameter in the edit user profile feature to manageuser.php, 2 y parameter in a newcal action to manageajax.php, and the 3 pic parameter to thumb.php...

CVE-2010-5284

Multiple cross-site scripting XSS vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the 1 User parameter in the edit user profile feature to manageuser.php, 2 y parameter in a newcal action to manageajax.php, and the 3 pic parameter to thumb.php...