webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25735
Reference (s):
- https://medium.com/@tehwinsam/webtareas-2-1-c8b406c68c2a
- https://sourceforge.net/p/webtareas/tickets/40/
- https://sourceforge.net/projects/webtareas/files/