Kuaifan
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10762 | Med | 0.41 | 6.3 | 0.00 | Sep 21, 2025 | A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed… | ||
| CVE-2026-29828 | Med | 0.40 | 6.1 | 0.00 | Mar 20, 2026 | DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc. | ||
| CVE-2025-55455 | 0.00 | — | 0.00 | Aug 22, 2025 | DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext. | |||
| CVE-2025-55454 | 0.00 | — | 0.01 | Aug 22, 2025 | An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file. | |||
| CVE-2024-34906 | 0.00 | — | 0.00 | May 15, 2024 | An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. |
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed…
- risk 0.40cvss 6.1epss 0.00
DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc.
- CVE-2025-55455Aug 22, 2025risk 0.00cvss —epss 0.00
DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.
- CVE-2025-55454Aug 22, 2025risk 0.00cvss —epss 0.01
An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file.
- CVE-2024-34906May 15, 2024risk 0.00cvss —epss 0.00
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.