anhdq201/webtareas

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-44960 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
CVE-2022-44961 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44962 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.
CVE-2022-44953 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
CVE-2022-44954 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".
CVE-2022-44955 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.
CVE-2022-44956 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /projects/listprojects.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44957 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44959 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	5.4 MEDIUM	—
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /meetings/listmeetings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44290 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	9.8 CRITICAL	—
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
CVE-2022-44291 ↗	Dec 2, 2022Friday, 2 December 2022, 20:15	9.8 CRITICAL	—
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.