Vulnerabilities > Webtareas Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-16 | CVE-2021-36609 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | 5.4 |
| 2021-10-08 | CVE-2021-41917 | Cross-site Scripting vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. | 5.4 |
| 2021-10-08 | CVE-2021-41918 | Cross-site Scripting vulnerability in Webtareas Project Webtareas webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. | 5.4 |
| 2021-08-18 | CVE-2020-23069 | Path Traversal vulnerability in Webtareas Project Webtareas 2.0 Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | 6.5 |
| 2020-09-18 | CVE-2020-25735 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. | 6.1 |
| 2020-09-18 | CVE-2020-25734 | Path Traversal vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas through 2.1 allows files/Default/ Directory Listing. | 5.3 |
| 2020-08-26 | CVE-2020-23660 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.1 webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | 5.4 |
| 2020-06-22 | CVE-2020-14973 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0 The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. | 6.1 |