VYPR

Activecollab

by Activecollab

CVEs (5)

  • CVE-2012-6554May 23, 2013
    risk 0.04cvss epss 0.17

    functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the…

  • CVE-2010-0215Jan 7, 2011
    risk 0.00cvss epss 0.02

    ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL.

  • CVE-2009-2041Jun 12, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772.

  • CVE-2009-1773May 22, 2009
    risk 0.00cvss epss 0.02

    activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid re_route parameter to the login script, which reveals the installation path in an error message.

  • CVE-2009-1772May 22, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.