CVE-2022-44953

Name of the Vulnerable Software and Affected Versions webtareas version 2.4p5

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add" in the "/linkedcontent/listfiles.php" component. This enables the execution of malicious scripts on the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations For webtareas version 2.4p5, consider disabling the "/linkedcontent/listfiles.php" component or restricting access to it until a patch is available to prevent exploitation. Avoid using the Name field in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.