Cross-Site Scripting Vulnerabilities in ATRC ACollab Software
CVE-2009-4944

Currently unrated

Key Information:

Vendor: Atutor
Status: Acollab
Vendor: CVE Published:; 22 July 2010

What is CVE-2009-4944?

ATRC ACollab version 1.2 is susceptible to multiple cross-site scripting (XSS) vulnerabilities. Attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML through unvalidated input in the 'address' parameter located in profile.php and the 'description' parameter in events/add_event.php. This flaw poses a significant risk, as it allows unauthorized actors to manipulate web content and potentially harvest sensitive user data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50834

vdb-entryx_refsource_XF

http://secunia.com/advisories/35173

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/54799

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2010
Vulnerability Reserved
Jul 21, 2010

CVE-2009-4944 Data

JSON

Atutor

What is CVE-2009-4944?

References

Timeline