Description

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

Remediation

References

CVE-2010-5284

Related Vulnerabilities

WordPress 3.8.x Cross-Site Scripting Vulnerability (3.8 - 3.8.11)

WordPress Plugin Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, Aweber-MailOptin Security Bypass (1.2.49.0)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-11628)

WordPress Plugin Easy Image Gallery Cross-Site Scripting (1.1.1)

WordPress Plugin SVG Support Cross-Site Scripting (2.5.1)

Severity

Medium

Classification

CVE-2010-5284 CWE-707

Tags

Missing Update Known Vulnerabilities