Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-5284Cross-site Scripting in Collabtive

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
8.5%
top 7.63%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
O-dyn Collabtive
Timeline
PublishedNov 26
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDo-dyn/collabtive0.6.5

🔴Vulnerability Details

1
GHSA
GHSA-3rqf-jvj8-6ppq: Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 02022-05-17

💥Exploits & PoCs

1
Exploit-DB
Collabtive 0.65 - Multiple Vulnerabilities2010-10-12
CVE-2010-5284 — Cross-site Scripting in Collabtive | cvebase