Vulnerabilities > Webtareas Project > Webtareas

DATE CVE VULNERABILITY TITLE RISK
2020-09-18 CVE-2020-25735 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
network
low complexity
webtareas-project CWE-79
6.1
6.1
2020-09-18 CVE-2020-25734 Path Traversal vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows files/Default/ Directory Listing.
network
low complexity
webtareas-project CWE-22
5.3
5.3
2020-09-18 CVE-2020-25733 Unrestricted Upload of File with Dangerous Type vulnerability in Webtareas Project Webtareas 2.0/2.1
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.
network
low complexity
webtareas-project CWE-434
7.5
7.5
2020-08-26 CVE-2020-23660 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.1
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." 		3.5
3.5
2020-06-22 CVE-2020-14973 Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.0
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. 		4.3
4.3