Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
webTareas 跨站脚本漏洞
Vulnerability Description
webTareas是一款基于Web的开源协作工具。该产品支持项目管理、错误跟踪、内容管理和会议管理等功能。 webTareas 存在安全漏洞,该漏洞源于webTareas 2.4及更早版本中,用户提供的数据被错误地消毒。攻击者可利用该漏洞允许认证用户通过在客户端部分创建或编辑客户端名称来存储任意web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A