CVE-2006-4224

Published: Aug 18, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009.

Affected (25)

Products: Vwar: Virtual War

Vwar

1 product

Virtual War

Configuration A

25 vulnerable

Vulnerable Software	Affected Versions
Vwar Virtual War	Up to 1.5.0
Vwar Virtual War	Version 1.0.0
Vwar Virtual War	Version 1.0.1
Vwar Virtual War	Version 1.0.2
Vwar Virtual War	Version 1.0.3
Vwar Virtual War	Version 1.0.4
Vwar Virtual War	Version 1.0.5
Vwar Virtual War	Version 1.0.6
Vwar Virtual War	Version 1.0.7
Vwar Virtual War	Version 1.0.8
Vwar Virtual War	Version 1.0.9
Vwar Virtual War	Version 1.1.0
Vwar Virtual War	Version 1.1.1
Vwar Virtual War	Version 1.1.2
Vwar Virtual War	Version 1.1.3
Vwar Virtual War	Version 1.1.4
Vwar Virtual War	Version 1.1.5
Vwar Virtual War	Version 1.1.6
Vwar Virtual War	Version 1.1.7
Vwar Virtual War	Version 1.1.8
Vwar Virtual War	Version 1.2.0
Vwar Virtual War	Version 1.2.1
Vwar Virtual War	Version 1.2.2
Vwar Virtual War	Version 1.3
Vwar Virtual War	Version 1.4

References (6)

http://securityreason.com/securityalert/1413

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/443171/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28552

Source: cve@mitre.org

http://securityreason.com/securityalert/1413

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/443171/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/28552

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.