CVE Vulnerability

CVE-2007-1177

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).

5.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250
http://www.securityfocus.com/bid/22563 Patch Vendor Advisory
http://secunia.com/advisories/24080 Patch Vendor Advisory
http://osvdb.org/33287
http://osvdb.org/33283
http://osvdb.org/33286
http://osvdb.org/33277
http://www.vupen.com/english/advisories/2007/0604
Configurations

Configuration 1

cpe:2.3:a:web-app.org:webapp:0.9.9.3:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.2.1:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.2:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.1:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:web-app.org:webapp:0.9.9.4:*:*:*:*:*:*:*
Information

Published : 2007-03-02 09:18

Updated : 2011-03-08 02:51

NVD link : CVE-2007-1177

Mitre link : CVE-2007-1177

Products Affected
No products.
CWE
NVD-CWE-Other