Vulnerabilities > Webtareas Project

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-02	CVE-2022-44962	Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.4 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. network low complexity webtareas-project CWE-79	5.4
2022-06-16	CVE-2021-36608	Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. network low complexity webtareas-project CWE-79	5.4
2022-06-16	CVE-2021-36609	Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. network low complexity webtareas-project CWE-79	5.4
2022-04-20	CVE-2021-43481	SQL Injection vulnerability in Webtareas Project Webtareas An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. network low complexity webtareas-project CWE-89 critical	9.8
2021-10-08	CVE-2021-41916	Cross-Site Request Forgery (CSRF) vulnerability in Webtareas Project Webtareas A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. network low complexity webtareas-project CWE-352	8.8
2021-10-08	CVE-2021-41917	Cross-site Scripting vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. network low complexity webtareas-project CWE-79	5.4
2021-10-08	CVE-2021-41918	Cross-site Scripting vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. network low complexity webtareas-project CWE-79	5.4
2021-10-08	CVE-2021-41919	Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. network low complexity webtareas-project CWE-434	8.8
2021-10-08	CVE-2021-41920	SQL Injection vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. network low complexity webtareas-project CWE-89	7.5
2021-08-18	CVE-2020-23069	Path Traversal vulnerability in Webtareas Project Webtareas 2.0 Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. network low complexity webtareas-project CWE-22	6.5

Vulnerabilities > Webtareas Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Webtareas Project"}]}

Vulnerabilities > Webtareas Project