Vulnerabilities > Webtareas Project

DATE CVE VULNERABILITY TITLE RISK
2022-12-02 CVE-2022-44962 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.4
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php.
network
low complexity
webtareas-project CWE-79
5.4
2022-06-16 CVE-2021-36608 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.
network
low complexity
webtareas-project CWE-79
5.4
2022-06-16 CVE-2021-36609 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.
network
low complexity
webtareas-project CWE-79
5.4
2022-04-20 CVE-2021-43481 SQL Injection vulnerability in Webtareas Project Webtareas
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
network
low complexity
webtareas-project CWE-89
critical
9.8
2021-10-08 CVE-2021-41916 Cross-Site Request Forgery (CSRF) vulnerability in Webtareas Project Webtareas
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile.
network
low complexity
webtareas-project CWE-352
8.8
2021-10-08 CVE-2021-41917 Cross-site Scripting vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data, and thereby achieve a Stored Cross-Site Scripting attack against the platform users and administrators.
network
low complexity
webtareas-project CWE-79
5.4
2021-10-08 CVE-2021-41918 Cross-site Scripting vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML, due to incorrect sanitization of user-supplied data, and thereby achieve a Reflected Cross-Site Scripting attack against the platform users and administrators.
network
low complexity
webtareas-project CWE-79
5.4
2021-10-08 CVE-2021-41919 Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions.
network
low complexity
webtareas-project CWE-434
8.8
2021-10-08 CVE-2021-41920 SQL Injection vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters.
network
low complexity
webtareas-project CWE-89
7.5
2021-08-18 CVE-2020-23069 Path Traversal vulnerability in Webtareas Project Webtareas 2.0
A Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
network
low complexity
webtareas-project CWE-22
6.5