Vulnerabilities > Webtareas Project > Webtareas > 2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-20 | CVE-2021-43481 | SQL Injection vulnerability in Webtareas Project Webtareas 2.0/2.1/2.4 An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. | 7.5 |
| 2021-10-08 | CVE-2021-41916 | Cross-Site Request Forgery (CSRF) vulnerability in Webtareas Project Webtareas 2.0/2.1 A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. | 6.8 |
| 2021-10-08 | CVE-2021-41917 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. | 3.5 |
| 2021-10-08 | CVE-2021-41918 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. | 3.5 |
| 2021-10-08 | CVE-2021-41919 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. | 6.5 |
| 2021-10-08 | CVE-2021-41920 | SQL Injection vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. | 5.0 |
| 2020-09-18 | CVE-2020-25735 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. | 6.1 |
| 2020-09-18 | CVE-2020-25734 | Path Traversal vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas through 2.1 allows files/Default/ Directory Listing. | 5.3 |
| 2020-09-18 | CVE-2020-25733 | Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1 webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | 7.5 |
| 2020-08-26 | CVE-2020-23660 | Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.1 webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | 3.5 |