CVE-2010-5284

Collabtive 0.6.5 - Cross-Site Scripting via User Profile Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5284. PoCs published by Anatolia Security.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Collabtive 0.65, including non-persistent XSS, CSRF, and stored XSS. The PoC includes a CSRF HTML form that submits malicious data to elevate privileges.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to manageuser.php, (2) y parameter in a newcal action to manageajax.php, and the (3) pic parameter to thumb.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Anatolia Security · textwebappsphp
https://www.exploit-db.com/exploits/15240

The exploit demonstrates multiple vulnerabilities in Collabtive 0.65, including non-persistent XSS, CSRF, and stored XSS. The PoC includes a CSRF HTML form that submits malicious data to elevate privileges.

Classification
Working Poc 90%
Attack Type
Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Collabtive 0.65
No auth needed
Prerequisites: Victim must visit a crafted URL or page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44050
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15240
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41805

Scores

EPSS 0.0198
EPSS Percentile 78.0%

Details

CWE
CWE-79
Status published
Products (1)
o-dyn/collabtive 0.6.5
Published Nov 26, 2012
Tracked Since Feb 18, 2026