ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL.
Max CVSS
6.0
EPSS Score
0.16%
Published
2011-01-07
Updated
2022-08-29
Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772.
Max CVSS
4.3
EPSS Score
0.19%
Published
2009-06-12
Updated
2017-08-17
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.23%
Published
2009-05-22
Updated
2021-07-12
Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.
Max CVSS
4.3
EPSS Score
0.14%
Published
2009-05-22
Updated
2021-07-12
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!