Vulnerabilities > CVE-2007-2306 - Unspecified vulnerability in Vwar Virtual WAR

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

vwar

NVD

Published: 2007-04-26

Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.

Vulnerable Configurations

Part	Description	Count
Application	Vwar Vwar Virtual WAR 1.0.0 Vwar Virtual WAR 1.0.1 Vwar Virtual WAR 1.0.2 Vwar Virtual WAR 1.0.3 Vwar Virtual WAR 1.0.4 Vwar Virtual WAR 1.0.5 Vwar Virtual WAR 1.0.6 Vwar Virtual WAR 1.0.7 Vwar Virtual WAR 1.0.8 Vwar Virtual WAR 1.0.9 Vwar Virtual WAR 1.1.0 Vwar Virtual WAR 1.1.1 Vwar Virtual WAR 1.1.2 Vwar Virtual WAR 1.1.3 Vwar Virtual WAR 1.1.4 Vwar Virtual WAR 1.1.5 Vwar Virtual WAR 1.1.6 Vwar Virtual WAR 1.1.7 Vwar Virtual WAR 1.1.8 Vwar Virtual WAR 1.2.0 Vwar Virtual WAR 1.2.1 Vwar Virtual WAR 1.2.2 Vwar Virtual WAR 1.3 Vwar Virtual WAR 1.4 Vwar Virtual WAR 1.5 Vwar Virtual WAR 1.5.0	27

Summary

Vulnerable Configurations

References