Vulnerability Description
webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webtareas Project | Webtareas | <= 2.1 |
Related Weaknesses (CWE)
References
- https://medium.com/%40tehwinsam/webtareas-2-1-c8b406c68c2a
- https://sourceforge.net/p/webtareas/tickets/40/Third Party Advisory
- https://sourceforge.net/projects/webtareas/files/Release NotesThird Party Advisory
- https://medium.com/%40tehwinsam/webtareas-2-1-c8b406c68c2a
- https://sourceforge.net/p/webtareas/tickets/40/Third Party Advisory
- https://sourceforge.net/projects/webtareas/files/Release NotesThird Party Advisory
FAQ
What is CVE-2020-25735?
CVE-2020-25735 is a vulnerability with a CVSS score of 6.1 (MEDIUM). webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/cla...
How severe is CVE-2020-25735?
CVE-2020-25735 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25735?
Check the references section above for vendor advisories and patch information. Affected products include: Webtareas Project Webtareas.