CVE-2022-44957

Name of the Vulnerable Software and Affected Versions webtareas version 2.4p5

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field in the /clients/listclients.php component. This enables attackers to perform cross-site scripting (XSS) attacks.

Recommendations For webtareas version 2.4p5, consider restricting access to the /clients/listclients.php component until a patch is available. As a temporary workaround, avoid using the Name field in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.