CVE-2021-36608

Name of the Vulnerable Software and Affected Versions webTareas version 2.2p1

Description A Cross Site Scripting (XSS) issue exists in webTareas, allowing attackers to inject malicious scripts via the Name field in the /projects/editproject.php API endpoint.

Recommendations For webTareas version 2.2p1, as a temporary workaround, consider restricting access to the /projects/editproject.php endpoint until a patch is available. Avoid using the Name field in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.