cbcvebase.

Web-App.Org Webapp vulnerabilities

34 known vulnerabilities affecting web-app.org/webapp.

Total CVEs
34
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH11MEDIUM21LOW1

Vulnerabilities

Page 2 of 2
CVE-2007-1187P4MEDIUMCVSS 5.5v0.9.9v0.9.9.1+6 more2007-03-02
CVE-2007-1187 [MEDIUM] CVE-2007-1187: WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensiti WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.
nvd
CVE-2007-1179P4MEDIUMCVSS 5.0≤ 0.9.9.42007-03-02
CVE-2007-1179 [MEDIUM] CVE-2007-1179: WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) t WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related
nvd
CVE-2007-1185P4MEDIUMCVSS 5.0v0.9.9v0.9.9.1+6 more2007-03-02
CVE-2007-1185 [MEDIUM] CVE-2007-1185: The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9. The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.
nvd
CVE-2007-1184P4MEDIUMCVSS 5.0v0.9.9v0.9.9.1+6 more2007-03-02
CVE-2007-1184 [MEDIUM] CWE-16 CVE-2007-1184: The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it eas The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.
nvd
CVE-2007-3416P4MEDIUMCVSS 5.0≤ 0.9.9.62007-06-26
CVE-2007-3416 [MEDIUM] CWE-352 CVE-2007-3416: Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) p Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators.
nvd
CVE-2007-1181P4MEDIUMCVSS 5.0v0.9.9v0.9.9.1+6 more2007-03-02
CVE-2007-1181 [MEDIUM] CVE-2007-1181: WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors.
nvd
CVE-2007-1186P4MEDIUMCVSS 5.0v0.9.9v0.9.9.1+6 more2007-03-02
CVE-2007-1186 [MEDIUM] CVE-2007-1186: WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.
nvd
CVE-2007-1174P4MEDIUMCVSS 4.3≤ 0.9.9.42007-03-02
CVE-2007-1174 [MEDIUM] CVE-2007-1174: Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
nvd
CVE-2007-1176P4MEDIUMCVSS 4.3≤ 0.9.9.42007-03-02
CVE-2007-1176 [MEDIUM] CVE-2007-1176: Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer.
nvd
CVE-2007-1830P4MEDIUMCVSS 4.3v0.9.9.62007-04-03
CVE-2007-1830 [MEDIUM] CVE-2007-1830: Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 al Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit."
nvd
CVE-2007-1175P4MEDIUMCVSS 4.3≤ 0.9.9.42007-03-02
CVE-2007-1175 [MEDIUM] CVE-2007-1175: Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2007-3417P4MEDIUMCVSS 4.3≤ 0.9.9.62007-06-26
CVE-2007-3417 [MEDIUM] CVE-2007-3417: Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebA Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.
nvd
CVE-2007-1180P4MEDIUMCVSS 4.3≤ 0.9.9.42007-03-02
CVE-2007-1180 [MEDIUM] CVE-2007-1180: WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
nvd
CVE-2007-1828P4LOWCVSS 3.5v0.9.9.1v0.9.9.2+10 more2007-04-03
CVE-2007-1828 [LOW] CVE-2007-1828: Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remot Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms.
nvd
Web-App.Org Webapp vulnerabilities | cvebase