Vulnerabilities (CVE)

Filtered by vendor O-dyn Subscribe

Filtered by product Collabtive

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-3298	1 O-dyn	1 Collabtive	2021-01-29	3.5 LOW	5.4 MEDIUM
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
CVE-2020-13655	1 O-dyn	1 Collabtive	2020-09-03	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected.
CVE-2019-8935	1 O-dyn	1 Collabtive	2019-02-19	3.5 LOW	5.4 MEDIUM
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.