VYPR
Vendor

Taskcafe

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2023-26770CriOct 4, 2024
    risk 0.64cvss 9.8epss 0.01

    TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.

  • CVE-2020-25400HigNov 17, 2020
    risk 0.49cvss 7.5epss 0.02

    Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token.

  • CVE-2023-26771MedOct 4, 2024
    risk 0.42cvss 6.5epss 0.00

    Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger…