CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.9%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/
https://n4nj0.github.io/advisories/webtareas-multiple-vulnerabilities-i/

Products affected by CVE-2021-41917

Webtareas Project » Webtareas » Version: 2.0

cpe:2.3:a:webtareas_project:webtareas:2.0
Webtareas Project » Webtareas » Version: 2.1

cpe:2.3:a:webtareas_project:webtareas:2.1
Webtareas Project » Webtareas » Version: 2.2

cpe:2.3:a:webtareas_project:webtareas:2.2
Webtareas Project » Webtareas » Version: 2.4

cpe:2.3:a:webtareas_project:webtareas:2.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-41917

Products

Pricing

Contact Us