VYPR
Vendor: webTareas

Products: 1
CVEs: 28 (across products: 28)
Status: Private

Recent CVEs (28)

  • CVE-2021-43481 | Critical | Apr 20, 2022
    risk 0.67 | cvss 9.8 | epss 0.05

    An SQL Injection vulnerability exists in webTareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.

  • CVE-2020-37080 | Critical | Feb 3, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on…

  • CVE-2022-44291 | Critical | Dec 2, 2022
    risk 0.64 | cvss 9.8 | epss 0.04

    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.

  • CVE-2022-44290 | Critical | Dec 2, 2022
    risk 0.64 | cvss 9.8 | epss 0.04

    webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.

  • CVE-2021-41919 | High | Oct 8, 2021
    risk 0.57 | cvss 8.8 | epss 0.02

    webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This works by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php, via the HTTP POST data. This…

  • CVE-2021-41916 | High | Oct 8, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile without the victim's knowledge, by enticing an authenticated admin user to visit an…

  • CVE-2021-41920 | High | Oct 8, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the…

  • CVE-2020-25733 | High | Sep 18, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.

  • CVE-2020-23069 | Medium | Aug 18, 2021
    risk 0.42 | cvss 6.5 | epss 0.02

    A Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.

  • CVE-2020-25735 | Medium | Sep 18, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.

  • CVE-2020-14973 | Medium | Jun 22, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string.

  • CVE-2022-44962 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.

  • CVE-2022-44961 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2022-44960 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.

  • CVE-2022-44959 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2022-44957 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2022-44956 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2022-44955 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.

  • CVE-2022-44954 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking…

  • CVE-2022-44953 | Medium | Dec 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    webTareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking…
