CVE-2021-36609

Name of the Vulnerable Software and Affected Versions webTareas version 2.2p1

Description A Cross Site Scripting (XSS) issue exists, allowing exploitation via the Name field in the "/linkedcontent/editfolder.php" API endpoint. This enables potential attackers to inject malicious scripts into the website.

Recommendations For webTareas version 2.2p1, as a temporary workaround, consider restricting access to the "/linkedcontent/editfolder.php" endpoint until a patch is available. Avoid using the Name field in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.