Vulnerabilities > CVE-2006-4009 - Input Validation vulnerability in Vwar Virtual WAR 1.5.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

vwar

exploit available

NVD

Published: 2006-08-07

Updated: 2018-10-17

Summary

Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Vulnerable Configurations

Part	Description	Count
Application	Vwar Vwar Virtual WAR 1.5.0	1

Exploit-Db

description	VWar 1.x war.php page Parameter XSS. CVE-2006-4009. Webapps exploit for php platform
id	EDB-ID:28326
last seen	2016-02-03
modified	2006-08-03
published	2006-08-03
reporter	mfoxhacker
source	https://www.exploit-db.com/download/28326/
title	VWar 1.x war.php page Parameter XSS

References

http://securityreason.com/securityalert/1331
http://www.securityfocus.com/archive/1/442101/100/0/threaded
http://www.securityfocus.com/archive/1/443171/100/0/threaded
http://www.securityfocus.com/bid/19327
https://exchange.xforce.ibmcloud.com/vulnerabilities/28200