webTareas
by webTareas
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36609 | Med | 0.35 | 5.4 | 0.00 | Jun 16, 2022 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | ||
| CVE-2021-36608 | Med | 0.35 | 5.4 | 0.00 | Jun 16, 2022 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | ||
| CVE-2021-41918 | Med | 0.35 | 5.4 | 0.01 | Oct 8, 2021 | webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every… | ||
| CVE-2021-41917 | Med | 0.35 | 5.4 | 0.01 | Oct 8, 2021 | webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the… | ||
| CVE-2020-25734 | Med | 0.35 | 5.3 | 0.02 | Sep 18, 2020 | webTareas through 2.1 allows files/Default/ Directory Listing. | ||
| CVE-2020-23660 | Med | 0.35 | 5.4 | 0.01 | Aug 26, 2020 | webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | ||
| CVE-2023-53972 | 0.00 | — | 0.00 | Dec 22, 2025 | WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and… | |||
| CVE-2023-53971 | 0.00 | — | 0.00 | Dec 22, 2025 | WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the… |
- risk 0.35cvss 5.4epss 0.00
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.
- risk 0.35cvss 5.4epss 0.00
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.
- risk 0.35cvss 5.4epss 0.01
webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every…
- risk 0.35cvss 5.4epss 0.01
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the…
- risk 0.35cvss 5.3epss 0.02
webTareas through 2.1 allows files/Default/ Directory Listing.
- risk 0.35cvss 5.4epss 0.01
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."
- CVE-2023-53972Dec 22, 2025risk 0.00cvss —epss 0.00
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and…
- CVE-2023-53971Dec 22, 2025risk 0.00cvss —epss 0.00
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the…
Page 2 of 2