CVE-2022-44962

Name of the Vulnerable Software and Affected Versions webtareas version 2.4p5

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field in the /calendar/viewcalendar.php component. This enables the execution of malicious code on the victim's browser.

Recommendations For webtareas version 2.4p5, consider disabling the /calendar/viewcalendar.php component until a patch is available to prevent exploitation of the cross-site scripting vulnerability. Restrict access to the Subject field to minimize the risk of malicious payload injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.