Web-App.org: >> Webapp Security Vulnerabilities
WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.
CVSS Score
5.5
EPSS Score
0.004
Published
2007-03-02
WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".
CVSS Score
7.5
EPSS Score
0.007
Published
2007-03-02
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
CVSS Score
4.3
EPSS Score
0.01
Published
2006-03-28
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVSS Score
7.5
EPSS Score
0.169
Published
2005-05-17
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
CVSS Score
10.0
EPSS Score
0.005
Published
2005-05-02
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
CVSS Score
5.0
EPSS Score
0.048
Published
2004-08-24
Page 4