Web App.org

web-app.org

36 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (36)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-1185 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.
CVE-2007-1184 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.
CVE-2007-1183 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
CVE-2007-1182 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
CVE-2007-1181 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors.
CVE-2007-1180 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
CVE-2007-1179 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Ne...Show more WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.Show less
CVE-2007-1178 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
CVE-2007-1177 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 5.8 MEDIUM· v2 WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown imp...Show more WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).Show less
CVE-2007-1176 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages...Show more Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer.Show less
CVE-2007-1175 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-1174 1Web App.org 1Webapp Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE:...Show more Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.Show less
CVE-2006-1427 1Web App.org 1Webapp Apr 16, 2026 Mar 28, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) vie...Show more Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.Show less
CVE-2005-1628 1Web App.org 1Webapp Apr 16, 2026 May 17, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVE-2005-0927 1Web App.org 1Webapp Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
CVE-2004-1742 1Web App.org 1Webapp Apr 16, 2026 Aug 24, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.