neilthimmaiah01/Collabtive_StoredXSS

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-48706 ↗	Oct 22, 2024Tuesday, 22 October 2024, 17:15	5.4 MEDIUM	—
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
CVE-2024-48707 ↗	Oct 22, 2024Tuesday, 22 October 2024, 17:15	5.4 MEDIUM	—
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.
CVE-2024-48708 ↗	Oct 22, 2024Tuesday, 22 October 2024, 17:15	5.4 MEDIUM	—
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.
CVE-2024-46240 ↗	Oct 22, 2024Tuesday, 22 October 2024, 16:15	4.8 MEDIUM	—
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.