CVE-2022-44954

Name of the Vulnerable Software and Affected Versions webtareas version 2.4p5

Description The issue is related to a cross-site scripting (XSS) vulnerability in the /contacts/listcontacts.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".

Recommendations For webtareas version 2.4p5, consider disabling the "Add" functionality in the /contacts/listcontacts.php component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the Last Name field to minimize the risk of arbitrary web script or HTML injection.