Vulnerabilities > O DYN > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-48706 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
network
low complexity
o-dyn CWE-79
5.4
5.4
2024-10-22 CVE-2024-48707 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file.
network
low complexity
o-dyn CWE-79
5.4
5.4
2024-10-22 CVE-2024-48708 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.
network
low complexity
o-dyn CWE-79
5.4
5.4
2024-10-22 CVE-2024-46240 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.1
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.
network
low complexity
o-dyn CWE-79
4.8
4.8
2020-08-31 CVE-2020-13655 Cross-site Scripting vulnerability in O-Dyn Collabtive 3.0/3.1
An issue was discovered in Collabtive 3.0 and later.
network
o-dyn CWE-79
4.3
4.3
2020-02-17 CVE-2015-0258 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
network
low complexity
o-dyn debian canonical CWE-434
6.5
6.5
2014-05-15 CVE-2014-3247 Cross-Site Scripting vulnerability in O-Dyn Collabtive 1.2
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
network
o-dyn CWE-79
4.3
4.3
2014-05-13 CVE-2014-3246 SQL Injection vulnerability in O-Dyn Collabtive 1.2
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
network
low complexity
o-dyn CWE-89
6.5
6.5
2014-01-21 CVE-2013-6872 SQL Injection vulnerability in O-Dyn Collabtive
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
network
low complexity
o-dyn CWE-89
6.5
6.5
2012-11-26 CVE-2010-5285 Cross-Site Request Forgery (CSRF) vulnerability in O-Dyn Collabtive 0.6.5
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
network
o-dyn CWE-352
6.8
6.8