Medium severity5.4NVD Advisory· Published Oct 8, 2021· Updated Jun 17, 2026
CVE-2021-41917
CVE-2021-41917
Description
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- webTareas/webTareasdescription
Patches
Vulnerability mechanics
References
1- n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.