Webtareas Project Webtareas — known CVE vulnerabilities
Every CVE whose affected-product data names Webtareas Project Webtareas, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2022-44291 — CVSS 9.8 (critical): webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
CVE-2022-44290 — CVSS 9.8 (critical): webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
CVE-2021-43481 — CVSS 9.8 (critical): An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
CVE-2021-41919 — CVSS 8.8 (high): webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This…
CVE-2021-41916 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new…
CVE-2023-53971 — CVSS 8.8 (high): WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo…
CVE-2023-53972 — CVSS 7.5 (high): WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to…
CVE-2021-41920 — CVSS 7.5 (high): webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint…
CVE-2020-23069 — CVSS 6.5 (medium): Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read…
CVE-2020-25735 — CVSS 6.1 (medium): webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php…
CVE-2020-14973 — CVSS 6.1 (medium): The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via…
CVE-2022-44953 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This…
CVE-2022-44954 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This…
CVE-2022-44955 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows…
CVE-2022-44956 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This…
CVE-2022-44957 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This…
CVE-2022-44959 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This…
CVE-2022-44960 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple…
CVE-2022-44961 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This…
CVE-2022-44962 — CVSS 5.4 (medium): webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This…
CVE-2021-36609 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.
CVE-2021-41918 — CVSS 5.4 (medium): webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of…
CVE-2021-36608 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.
CVE-2021-41917 — CVSS 5.4 (medium): webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name…