Vulnerabilities > CVE-2007-1177 - Cross-Site Scripting vulnerability in WebAPP

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

web-app-org

NVD

Published: 2007-03-02

Updated: 2011-03-08

Summary

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).

Vulnerable Configurations

Part	Description	Count
Application	Web-App.Org WEB App.Org Webapp 0.9.9 WEB App.Org Webapp 0.9.9.1 WEB App.Org Webapp 0.9.9.2 WEB App.Org Webapp 0.9.9.2.1 WEB App.Org Webapp 0.9.9.3 WEB App.Org Webapp 0.9.9.3.1 WEB App.Org Webapp 0.9.9.3.2 WEB App.Org Webapp 0.9.9.4	8

References

http://osvdb.org/33277
http://osvdb.org/33283
http://osvdb.org/33286
http://osvdb.org/33287
http://secunia.com/advisories/24080
http://www.securityfocus.com/bid/22563
http://www.vupen.com/english/advisories/2007/0604
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250