Every CVE whose affected-product data names Web-app.org Webapp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (36)
CVE-2005-0927 — CVSS 10.0 (critical): Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell…
CVE-2005-1628 — CVSS 7.5 (high): apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell…
CVE-2007-3424 — CVSS 7.5 (high): The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory…
CVE-2007-1178 — CVSS 7.5 (high): WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages…
CVE-2007-1183 — CVSS 7.5 (high): WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and…
CVE-2007-1188 — CVSS 7.5 (high): WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has…
CVE-2007-1259 — CVSS 7.5 (high): Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.
CVE-2007-3242 — CVSS 7.5 (high): The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6…
CVE-2007-3419 — CVSS 7.5 (high): The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2)…
CVE-2007-3420 — CVSS 7.5 (high): The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not…
CVE-2007-3422 — CVSS 7.5 (high): The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1)…
CVE-2007-3423 — CVSS 7.5 (high): cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the…
CVE-2007-1489 — CVSS 6.8 (medium): Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin…
CVE-2007-3418 — CVSS 6.5 (medium): The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction…
CVE-2007-1182 — CVSS 6.4 (medium): WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
CVE-2007-1831 — CVSS 6.0 (medium): web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.
CVE-2007-1827 — CVSS 6.0 (medium): Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to…
CVE-2007-1177 — CVSS 5.8 (medium): WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum…
CVE-2007-1187 — CVSS 5.5 (medium): WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum…
CVE-2004-1742 — CVSS 5.0 (medium): Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat…
CVE-2007-1179 — CVSS 5.0 (medium): WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2)…
CVE-2007-3416 — CVSS 5.0 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in…
CVE-2007-1181 — CVSS 5.0 (medium): WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack…
CVE-2007-1832 — CVSS 5.0 (medium): web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using…
CVE-2007-1185 — CVSS 5.0 (medium): The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown…
CVE-2007-1184 — CVSS 5.0 (medium): The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit…
CVE-2007-1174 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML…
CVE-2007-1830 — CVSS 4.3 (medium): Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain…
CVE-2006-1427 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script…
CVE-2007-3417 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote…
CVE-2007-1175 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web…
CVE-2007-1176 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML…
CVE-2007-1180 — CVSS 4.3 (medium): WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or…
CVE-2007-1828 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject…