Taskcafe Project Taskcafe — known CVE vulnerabilities
Every CVE whose affected-product data names Taskcafe Project Taskcafe, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-26770 — CVSS 9.8 (critical): TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of…
CVE-2020-25400 — CVSS 7.5 (high): Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data…
CVE-2023-26771 — CVSS 6.5 (medium): Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile…