webTareas
1- 28 CVEs
Recent CVEs

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43481 | | Cri | 0.67 | 9.8 | 0.05 | | Apr 20, 2022 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. |
| CVE-2020-37080 | | Cri | 0.64 | 9.8 | 0.00 | | Feb 3, 2026 | webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on… |
| CVE-2022-44291 | | Cri | 0.64 | 9.8 | 0.04 | | Dec 2, 2022 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. |
| CVE-2022-44290 | | Cri | 0.64 | 9.8 | 0.04 | | Dec 2, 2022 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. |
| CVE-2021-41919 | | Hig | 0.57 | 8.8 | 0.02 | | Oct 8, 2021 | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This… |
| CVE-2021-41916 | | Hig | 0.57 | 8.8 | 0.01 | | Oct 8, 2021 | A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim's knowledge, by enticing an authenticated admin user to visit an… |
| CVE-2021-41920 | | Hig | 0.49 | 7.5 | 0.02 | | Oct 8, 2021 | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the… |
| CVE-2020-25733 | | Hig | 0.49 | 7.5 | 0.02 | | Sep 18, 2020 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. |
| CVE-2020-23069 | | Med | 0.42 | 6.5 | 0.02 | | Aug 18, 2021 | Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. |
| CVE-2020-25735 | | Med | 0.40 | 6.1 | 0.01 | | Sep 18, 2020 | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. |
| CVE-2020-14973 | | Med | 0.40 | 6.1 | 0.01 | | Jun 22, 2020 | The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. |
| CVE-2022-44962 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. |
| CVE-2022-44961 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44960 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. |
| CVE-2022-44959 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44957 | | Med | 0.35 | 5.4 | 0.01 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44956 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44955 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. |
| CVE-2022-44954 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking… |
| CVE-2022-44953 | | Med | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking… |