Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-5284

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2010-5284
Last Modified 13 Aug 2013 12:58:10
Published 26 Nov 2012 06:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-5284

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

Vulnerable Systems

Application

  • O-dyn Collabtive 0.6.5


References

BID - 44050

EXPLOIT-DB - 15240

MISC - http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt

SECUNIA - 41805

MISC - http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt


Last Updated: 27 May 2016 10:49:51