Deferble

**Name of the Vulnerable Software and Affected Versions** WebCollab versions prior to 2.50 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `selection` parameter in a todo action in the tasks.php file. **Recommendations** For versions prior to 2.50, update to version 2.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the tasks.php file or disabling the todo action until a patch is available. Avoid using the `selection` parameter in the todo action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WebCollab versions prior to 2.50 **Description** The issue allows remote attackers to hijack the authentication of administrators for requests that change an arbitrary password or have other unspecified impact due to multiple cross-site request forgery (CSRF) vulnerabilities. **Recommendations** For versions prior to 2.50, update to version 2.50 or later to resolve the issue.