Filtered by vendor O-dyn
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3298 | 1 O-dyn | 1 Collabtive | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter. | |||||
| CVE-2020-13655 | 1 O-dyn | 1 Collabtive | 2020-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected. | |||||
| CVE-2019-8935 | 1 O-dyn | 1 Collabtive | 2019-02-19 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. | |||||