Vulnerabilities > Webtareas Project > Webtareas > 2.1

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2021-43481 SQL Injection vulnerability in Webtareas Project Webtareas
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
network | low complexity | webtareas-project | CWE-89 | Risk: critical (9.8)

2021-10-08 CVE-2021-41916 Cross-Site Request Forgery (CSRF) vulnerability in Webtareas Project Webtareas
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile.
network | low complexity | webtareas-project | CWE-352 | Risk: 8.8

2021-10-08 CVE-2021-41917 Cross-site Scripting vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators.
network | low complexity | webtareas-project | CWE-79 | Risk: 5.4

2021-10-08 CVE-2021-41918 Cross-site Scripting vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators.
network | low complexity | webtareas-project | CWE-79 | Risk: 5.4

2021-10-08 CVE-2021-41919 Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions.
network | low complexity | webtareas-project | CWE-434 | Risk: 8.8

2021-10-08 CVE-2021-41920 SQL Injection vulnerability in Webtareas Project Webtareas
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters.
network | low complexity | webtareas-project | CWE-89 | Risk: 7.5

2020-09-18 CVE-2020-25735 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
network | low complexity | webtareas-project | CWE-79 | Risk: 6.1

2020-09-18 CVE-2020-25734 Path Traversal vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows files/Default/ Directory Listing.
network | low complexity | webtareas-project | CWE-22 | Risk: 5.3

2020-09-18 CVE-2020-25733 Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.
network | low complexity | webtareas-project | CWE-434 | Risk: 7.5

2020-08-26 CVE-2020-23660 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.1
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."
network | low complexity | webtareas-project | CWE-79 | Risk: 5.4