
webtareas project webtareas

27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-53972
all versions
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to
7.5 HIGH
CVE-2023-53971
all versions
WebTareas 2.4 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the chat
8.8 HIGH
CVE-2022-44962
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php.
5.4 MEDIUM
CVE-2022-44961
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This
5.4 MEDIUM
CVE-2022-44960
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchty
5.4 MEDIUM
CVE-2022-44959
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php.
5.4 MEDIUM
CVE-2022-44957
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. Th
5.4 MEDIUM
CVE-2022-44956
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php.
5.4 MEDIUM
CVE-2022-44955
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allo
5.4 MEDIUM
CVE-2022-44954
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php.
5.4 MEDIUM
CVE-2022-44953
all versions
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php
5.4 MEDIUM
CVE-2022-44291
all versions
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
9.8 CRITICAL
CVE-2022-44290
all versions
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
9.8 CRITICAL
CVE-2021-36609
all versions
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.
5.4 MEDIUM
CVE-2021-36608
all versions
Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.
5.4 MEDIUM
CVE-2021-43481
< 2.4
An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php.
9.8 CRITICAL
CVE-2021-41920
<= 2.4
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endp
7.5 HIGH
CVE-2021-41919
<= 2.4
webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restricti
8.8 HIGH
CVE-2021-41918
<= 2.4
webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitizatio
5.4 MEDIUM
CVE-2021-41917
<= 2.4
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a clie
5.4 MEDIUM
CVE-2021-41916
<= 2.4
A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new ad
8.8 HIGH
CVE-2020-23069
all versions
Path Traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious use
6.5 MEDIUM
CVE-2020-25735
<= 2.1
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, admi
6.1 MEDIUM
CVE-2020-25734
<= 2.1
webTareas through 2.1 allows files/Default/ Directory Listing.
5.3 MEDIUM
CVE-2020-25733
<= 2.1
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.
7.5 HIGH
CVE-2020-23660
all versions
webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search."
5.4 MEDIUM
CVE-2020-14973
all versions
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerab
6.1 MEDIUM
threatengine.sh