3 matches found
CVE-2023-26770
CVE-2023-26770 affects TaskCafe 0.3.2 and is caused by a lack of validation of the Cookie value. An unauthenticated attacker who knows a registered UserID can change that user’s password. Public sources (NVD/Red Hat/OSV) describe the issue identically. The Red Hat/NVD entries note no public details...
CVE-2020-25400
CVE-2020-25400 affects Taskcafe Project Management tool versions before 0.1.0 and 0.1.1, where cross-domain policies allow remote attackers to access sensitive data such as access tokens. The CVE entry indicates a high impact (CVSS3.1 base score 7.5) with network-based, low-complexity access and ...
CVE-2023-26771
Taskcafe 0.3.2 is vulnerable to Cross-Site Scripting (XSS) via an SVG profile picture upload due to a lack of validation of the file type. An authenticated attacker can upload a malicious SVG, with the payload executed when a victim opens the file. Affected component: upload handling for SVG profi...