Webtareas Project

webtareas_project

27 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Webtareas

webtareas

27 CVEs

CVEs (27)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-53972 1Webtareas Project 1Webtareas Dec 27, 2025 Dec 22, 2025 9.3 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL i...Show more WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensitive system data.Show less
CVE-2023-53971 1Webtareas Project 1Webtareas Dec 26, 2025 Dec 22, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /fi...Show more WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat photo upload functionality. Attackers can upload a PHP file with arbitrary code to the /files/Messages/ directory and execute it directly through the generated file path.Show less
CVE-2022-44962 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.Show less
CVE-2022-44961 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payl...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.Show less
CVE-2022-44960 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML vi...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.Show less
CVE-2022-44959 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.Show less
CVE-2022-44957 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted p...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.Show less
CVE-2022-44956 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.Show less
CVE-2022-44955 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.Show less
CVE-2022-44954 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".Show less
CVE-2022-44953 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a craft...Show more webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".Show less
CVE-2022-44291 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
CVE-2022-44290 1Webtareas Project 1Webtareas Apr 24, 2025 Dec 2, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
CVE-2021-36609 1Webtareas Project 1Webtareas Nov 21, 2024 Jun 16, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.
CVE-2021-36608 1Webtareas Project 1Webtareas Nov 21, 2024 Jun 16, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.
CVE-2021-43481 1Webtareas Project 1Webtareas Nov 21, 2024 Apr 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
CVE-2021-41920 1Webtareas Project 1Webtareas Nov 21, 2024 Oct 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST paramet...Show more webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.Show less
CVE-2021-41919 1Webtareas Project 1Webtareas Nov 21, 2024 Oct 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpo...Show more webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture. The affected endpoint is /includes/upload.php on the HTTP POST data. This allows an attacker to exploit the platform by injecting code or malware and, under certain conditions, to execute code on remote user browsers.Show less
CVE-2021-41918 1Webtareas Project 1Webtareas Nov 21, 2024 Oct 8, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the pl...Show more webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page.Show less
CVE-2021-41917 1Webtareas Project 1Webtareas Nov 21, 2024 Oct 8, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and ac...Show more webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.Show less

12 Next