Filtered by vendor Webtareas Project
Subscribe
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41917 | 1 Webtareas Project | 1 Webtareas | 2021-10-15 | 3.5 LOW | 5.4 MEDIUM |
| webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. | |||||
| CVE-2021-41916 | 1 Webtareas Project | 1 Webtareas | 2021-10-15 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page. | |||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2021-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | |||||
| CVE-2020-23660 | 1 Webtareas Project | 1 Webtareas | 2020-08-28 | 3.5 LOW | 5.4 MEDIUM |
| webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | |||||
| CVE-2020-14973 | 1 Webtareas Project | 1 Webtareas | 2020-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. | |||||