CVE-2024-48706
Published 2024-10-22
Priority P4 · 23 · medium · 5.4 CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.34% (25.7th percentile)
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| o-dyn | collabtive | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| osv | 5.4 | MEDIUM | |
| vendor_redhat | 7.8 | HIGH | |
GHSA
GHSA-jp89-qg38-336v: Collabtive 3
ghsa_unreviewed·2024-10-22
CVE-2024-48706 [MEDIUM] CWE-79 GHSA-jp89-qg38-336v: Collabtive 3
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
OSV
CVE-2024-48706: Collabtive 3
osv·2024-10-22·CVSS 5.4
CVE-2024-48706 [MEDIUM] CVE-2024-48706: Collabtive 3
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
Red Hat
kernel: x86/lam: Disable ADDRESS_MASKING in most cases
vendor_redhat·2024-11-05·CVSS 7.8
CVE-2024-50112 [HIGH] CWE-208 kernel: x86/lam: Disable ADDRESS_MASKING in most cases
kernel: x86/lam: Disable ADDRESS_MASKING in most cases
In the Linux kernel, the following vulnerability has been resolved:
x86/lam: Disable ADDRESS_MASKING in most cases
Linear Address Masking (LAM) has a weakness related to transient
execution as described in the SLAM paper[1]. Unless Linear Address
Space Separation (LASS) is enabled this weakness may be exploitable.
Until kernel adds support for LASS[2], only allow LAM for COMPILE_TEST,
or when speculation mitigations have been disabled at compile time,
otherwise keep LAM disabled.
There are no processors in market that support LAM yet, so currently
nobody is affected by this issue.
[1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf
[2] LASS: https://lore.kernel.org/lkml/[email protected]/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.