Filtered by vendor Webtareas Project
Subscriptions
Filtered by product Webtareas
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41917 | 1 Webtareas Project | 1 Webtareas | 2021-10-15 | 5.4 Medium |
| webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. | ||||
| CVE-2021-41916 | 1 Webtareas Project | 1 Webtareas | 2021-10-15 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page. | ||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2021-08-24 | 6.5 Medium |
| Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | ||||
| CVE-2020-23660 | 1 Webtareas Project | 1 Webtareas | 2020-08-28 | 5.4 Medium |
| webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | ||||
| CVE-2020-14973 | 1 Webtareas Project | 1 Webtareas | 2020-06-25 | 6.1 Medium |
| The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. | ||||