Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webtareas
(Webtareas_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-08 | CVE-2021-41920 | webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application. | Webtareas | 7.5 | ||
| 2022-04-20 | CVE-2021-43481 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. | Webtareas | 9.8 | ||
| 2022-06-16 | CVE-2021-36608 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | Webtareas | 5.4 | ||
| 2022-06-16 | CVE-2021-36609 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | Webtareas | 5.4 | ||
| 2022-12-02 | CVE-2022-44290 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php. | Webtareas | 9.8 | ||
| 2022-12-02 | CVE-2022-44291 | webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php. | Webtareas | 9.8 | ||
| 2022-12-02 | CVE-2022-44953 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add". | Webtareas | 5.4 | ||
| 2022-12-02 | CVE-2022-44954 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add". | Webtareas | 5.4 | ||
| 2022-12-02 | CVE-2022-44955 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field. | Webtareas | 5.4 | ||
| 2022-12-02 | CVE-2022-44956 | webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | Webtareas | 5.4 |