source: https://www.securityfocus.com/bid/47105/info Collabtive is prone to multiple remote input-validation vulnerabilities including cross-site scripting, HTML-injection, and directory-traversal issues. Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, and steal cookie-based authentication credentials. Collabtive 0.6.5 is vulnerable; other versions may also be affected. Directory Traversal: http://www.example.com/thumb.php?pic=./../../../../../tmp/photo.jpg Cross-site Scripting: http://www.example.com/managetimetracker.php?action=editform&tid=1&id=1"> http://www.example.com/manageuser.php?action=profile&id=1"> HTML-injection: