📦 Collabtive

This vulnerability allows remote authenticated users to upload malicious PHP files with alternative extensions (.php3, .php4, .php5, .phtml) through Collabtive's avatar upload functionality, leading t...

Collabtive 3.1 contains stored cross-site scripting (XSS) vulnerabilities in the name parameter of milestone management and project administration functions. This allows attackers to inject malicious ...