Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-10-22	CVE-2024-48706	Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively. network low complexity o-dyn CWE-79	5.4
2024-10-22	CVE-2024-48707	Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file. network low complexity o-dyn CWE-79	5.4
2024-10-22	CVE-2024-48708	Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser. network low complexity o-dyn CWE-79	5.4
2024-10-22	CVE-2024-46240	Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file. network low complexity o-dyn CWE-79	4.8
2021-01-29	CVE-2021-3298	Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter. network low complexity o-dyn CWE-79	5.4
2020-08-31	CVE-2020-13655	Cross-site Scripting vulnerability in O-Dyn Collabtive 3.0/3.1 An issue was discovered in Collabtive 3.0 and later. network low complexity o-dyn CWE-79	6.1
2019-02-19	CVE-2019-8935	Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1 Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter. network low complexity o-dyn CWE-79	5.4