Vulnerabilities > WEB APP ORG > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-02 | CVE-2007-1185 | Remote vulnerability in Webapp.Org Webapp The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. | 5.0 |
2007-03-02 | CVE-2007-1184 | Configuration vulnerability in Web-App.Org Webapp The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. | 5.0 |
2007-03-02 | CVE-2007-1182 | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. | 6.4 |
2007-03-02 | CVE-2007-1181 | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. | 5.0 |
2007-03-02 | CVE-2007-1180 | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. network web-app-org | 4.3 |
2007-03-02 | CVE-2007-1179 | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks. | 5.0 |
2007-03-02 | CVE-2007-1177 | Cross-Site Scripting vulnerability in WebAPP WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS). network web-app-org | 5.8 |
2007-03-02 | CVE-2007-1176 | Cross-Site Scripting vulnerability in WebAPP Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. network web-app-org | 4.3 |
2007-03-02 | CVE-2007-1175 | Cross-Site Scripting vulnerability in WebAPP Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network web-app-org | 4.3 |
2007-03-02 | CVE-2007-1174 | Remote vulnerability in Webapp.Org Webapp Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. network web-app-org | 4.3 |