webTareas version 2.4 and previous versions allow an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section. Because user-supplied data is not sanitized correctly, this results in a Stored Cross-Site Scripting attack against the platform's users and administrators. The affected endpoint is /clients/editclient.php, in the HTTP POST cn parameter.
Vulnerable Product |
---|
webtareas project webtareas |
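
The class of fix for a stored value like the client name in this advisory is to treat it as data on input and encode it for each context where it is rendered. The sketch below is an added example, not webTareas code: the function names, the 255-character limit and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not webTareas code.

// Input side: normalise the submitted client name (the POST "cn" field).
function normalize_client_name(string $raw, int $maxChars = 255): string
{
    // preg_match with /u returns false when the subject is not valid UTF-8.
    if (preg_match('//u', $raw) !== 1) {
        throw new InvalidArgumentException('client name is not valid UTF-8');
    }
    // Replace control characters and whitespace runs with a single space.
    $name = trim(preg_replace('/[\p{Cc}\s]+/u', ' ', $raw) ?? '');
    if ($name === '' || preg_match('/^.{1,' . $maxChars . '}$/us', $name) !== 1) {
        throw new InvalidArgumentException('client name is empty or too long');
    }
    return $name; // stored as data; encoding happens where it is rendered
}

// Output side: HTML element content and quoted attribute values.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Output side: a value embedded in an inline <script> block.
function js_literal(string $value): string
{
    return json_encode(
        $value,
        JSON_THROW_ON_ERROR | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Constructed sample input containing markup characters.
$submitted = "  <b>Acme</b> & \"Sons\"\n";
$stored = normalize_client_name($submitted);

echo '<td>' . html_escape($stored) . "</td>\n";
echo '<input name="cn" value="' . html_escape($stored) . "\">\n";
echo '<script>var clientName = ' . js_literal($stored) . ";</script>\n";
```

Encoding at output rather than stripping at input also neutralises names that were stored before a fix was deployed.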