Filtered by vendor Web-app.org
Subscriptions
Filtered by product Webapp
Subscriptions
Total
36 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-3417 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function. | ||||
| CVE-2007-3418 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users. | ||||
| CVE-2007-3420 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3422 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-3424 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-1174 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-1176 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. | ||||
| CVE-2007-1177 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS). | ||||
| CVE-2007-1181 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. | ||||
| CVE-2007-1185 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. | ||||
| CVE-2007-1186 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. | ||||
| CVE-2007-1259 | 1 Web-app.org | 1 Webapp | 2026-04-23 | N/A |
| Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors. | ||||
| CVE-2005-1628 | 1 Web-app.org | 1 Webapp | 2026-04-16 | N/A |
| apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | ||||
| CVE-2005-0927 | 1 Web-app.org | 1 Webapp | 2026-04-16 | N/A |
| Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences. | ||||
| CVE-2006-1427 | 1 Web-app.org | 1 Webapp | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi. | ||||
| CVE-2004-1742 | 1 Web-app.org | 1 Webapp | 2026-04-16 | N/A |
| Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter. | ||||