Johannes Rückert

**Name of the Vulnerable Software and Affected Versions** Teamwork Cloud versions No Magic Release 2021x through No Magic Release 2022x **Description** A Cross-Site Request Forgery (CSRF) vulnerability could allow an attacker to send a specifically crafted query to the server under certain conditions. **Recommendations** For versions No Magic Release 2021x through No Magic Release 2022x, consider implementing additional security measures to prevent CSRF attacks, such as validating request headers and using anti-CSRF tokens. As a temporary workaround, restrict access to sensitive server queries until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Teamwork Cloud versions No Magic Release 2021x through No Magic Release 2022x **Description** A stored Cross-site Scripting (XSS) issue allows an attacker to execute arbitrary script code. **Recommendations** For versions No Magic Release 2021x through No Magic Release 2022x, update to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.