Unrated severityNVD Advisory· Published Nov 26, 2012· Updated Apr 29, 2026

CVE-2010-5284

Description

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

Affected products

O Dyn/Collabtive
cpe:2.3:a:o-dyn:collabtive:0.6.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/44050nvdExploit
secunia.com/advisories/41805nvdVendor Advisory
packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txtnvd
www.anatoliasecurity.com/adv/as-adv-2010-003.txtnvd
www.exploit-db.com/exploits/15240nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000