Vulnerabilities > Webtareas Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-02 | CVE-2022-44962 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.4 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. | 5.4 |
| 2022-06-16 | CVE-2021-36608 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | 3.5 |
| 2022-06-16 | CVE-2021-36609 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | 3.5 |
| 2022-04-20 | CVE-2021-43481 | SQL Injection vulnerability in Webtareas Project Webtareas 2.0/2.1/2.4 An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. | 7.5 |
| 2021-10-08 | CVE-2021-41916 | Cross-Site Request Forgery (CSRF) vulnerability in Webtareas Project Webtareas 2.0/2.1 A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. | 6.8 |
| 2021-10-08 | CVE-2021-41917 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. | 3.5 |
| 2021-10-08 | CVE-2021-41918 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. | 3.5 |
| 2021-10-08 | CVE-2021-41919 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. | 6.5 |
| 2021-10-08 | CVE-2021-41920 | SQL Injection vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. | 5.0 |
| 2021-08-18 | CVE-2020-23069 | Path Traversal vulnerability in Webtareas Project Webtareas 2.0 Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | 4.0 |