Dootask

dootask

Vendor: Dootask • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-29828 1Dootask 1Dootask Apr 2, 2026 Mar 20, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc.
CVE-2025-55455 1Dootask 1Dootask Sep 12, 2025 Aug 22, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.
CVE-2025-55454 1Dootask 1Dootask Sep 12, 2025 Aug 22, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 An authenticated arbitrary file upload vulnerability in the component /msg/sendfiles of DooTask v1.0.51 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-34906 1Dootask 1Dootask Nov 21, 2024 May 15, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.