Webtareas Project / Webtareas*

9 matches found

CVE
added 2022/04/20 8:15 p.m., 47 views

CVE-2021-43481

An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.

CVSS 9.8 | AI score 9.9 | EPSS 0.00145

CVE
added 2021/10/08 4:15 p.m., 40 views

CVE-2021-41918

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML, due to incorrect sanitization of user-supplied data, and thereby carry out a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the applic...

CVSS 5.4 | AI score 5.2 | EPSS 0.00324

CVE
added 2021/10/08 4:15 p.m., 34 views

CVE-2021-41920

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain ...

CVSS 7.5 | AI score 7.9 | EPSS 0.0217

CVE
added 2021/10/08 4:15 p.m., 32 views

CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data, and thereby carry out a Stored Cross-Site Scripting attack against the platform users and admin...

CVSS 5.4 | AI score 5.1 | EPSS 0.00324

CVE
added 2021/10/08 4:15 p.m., 32 views

CVE-2021-41919

webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This works by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php, via the HTTP POST data. This allows an attacker to e...

CVSS 8.8 | AI score 8.7 | EPSS 0.0153

CVE
added 2020/09/18 2:15 a.m., 29 views

CVE-2020-25734

webTareas through 2.1 allows files/Default/ Directory Listing.

CVSS 5.3 | AI score 5.3 | EPSS 0.00637

CVE
added 2021/10/08 4:15 p.m., 29 views

CVE-2021-41916

A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page.

CVSS 8.8 | AI score 8.7 | EPSS 0.00193

CVE
added 2020/09/18 2:15 a.m., 27 views

CVE-2020-25735

webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.

CVSS 6.1 | AI score 6 | EPSS 0.00361

CVE
added 2020/09/18 2:15 a.m., 24 views

CVE-2020-25733

webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.

CVSS 7.5 | AI score 7.6 | EPSS 0.00491