Vendor CVEs
webTareas
All CVEs
28 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43481 | | Critical | 0.67 | 9.8 | 0.05 | | Apr 20, 2022 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. |
| CVE-2020-37080 | | Critical | 0.64 | 9.8 | 0.00 | | Feb 3, 2026 | webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on… |
| CVE-2022-44291 | | Critical | 0.64 | 9.8 | 0.04 | | Dec 2, 2022 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. |
| CVE-2022-44290 | | Critical | 0.64 | 9.8 | 0.04 | | Dec 2, 2022 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. |
| CVE-2021-41919 | | High | 0.57 | 8.8 | 0.02 | | Oct 8, 2021 | webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This… |
| CVE-2021-41916 | | High | 0.57 | 8.8 | 0.01 | | Oct 8, 2021 | A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim's knowledge, by enticing an authenticated admin user to visit an… |
| CVE-2021-41920 | | High | 0.49 | 7.5 | 0.02 | | Oct 8, 2021 | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the… |
| CVE-2020-25733 | | High | 0.49 | 7.5 | 0.02 | | Sep 18, 2020 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. |
| CVE-2020-23069 | | Medium | 0.42 | 6.5 | 0.02 | | Aug 18, 2021 | Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. |
| CVE-2020-25735 | | Medium | 0.40 | 6.1 | 0.01 | | Sep 18, 2020 | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. |
| CVE-2020-14973 | | Medium | 0.40 | 6.1 | 0.01 | | Jun 22, 2020 | The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string. |
| CVE-2022-44962 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field. |
| CVE-2022-44961 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44960 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. |
| CVE-2022-44959 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44957 | | Medium | 0.35 | 5.4 | 0.01 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44956 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. |
| CVE-2022-44955 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. |
| CVE-2022-44954 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking… |
| CVE-2022-44953 | | Medium | 0.35 | 5.4 | 0.00 | | Dec 2, 2022 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking… |
| CVE-2021-36609 | | Medium | 0.35 | 5.4 | 0.00 | | Jun 16, 2022 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. |
| CVE-2021-36608 | | Medium | 0.35 | 5.4 | 0.00 | | Jun 16, 2022 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. |
| CVE-2021-41918 | | Medium | 0.35 | 5.4 | 0.01 | | Oct 8, 2021 | webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every… |
| CVE-2021-41917 | | Medium | 0.35 | 5.4 | 0.01 | | Oct 8, 2021 | webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the… |
| CVE-2020-25734 | | Medium | 0.35 | 5.3 | 0.02 | | Sep 18, 2020 | webTareas through 2.1 allows files/Default/ Directory Listing. |
| CVE-2020-23660 | | Medium | 0.35 | 5.4 | 0.01 | | Aug 26, 2020 | webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." |
| CVE-2023-53972 | | | 0.00 | — | 0.00 | | Dec 22, 2025 | WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and… |
| CVE-2023-53971 | | | 0.00 | — | 0.00 | | Dec 22, 2025 | WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the… |