Lucene search

Webtareas Security Vulnerabilities - 2020

cve

CVE-2020-14973

The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.

6.1CVSS

6AI Score

0.002EPSS

2020-06-22 06:15 PM

cve

CVE-2020-23660

webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."

5.4CVSS

5.3AI Score

0.001EPSS

2020-08-26 06:15 PM

cve

CVE-2020-25733

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.

7.5CVSS

7.6AI Score

0.001EPSS

2020-09-18 02:15 AM

cve

CVE-2020-25734

webTareas through 2.1 allows files/Default/ Directory Listing.

5.3CVSS

5.3AI Score

0.002EPSS

2020-09-18 02:15 AM

cve

CVE-2020-25735

webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.

6.1CVSS

6AI Score

0.001EPSS

2020-09-18 02:15 AM