Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-1183
WebAPP prior to 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
Web-app.org Webapp
4.3
CVSSv2
CVE-2006-7187
Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP prior to 20060909 allows remote malicious users to inject arbitrary web script or HTML via the srch variable.
Web-app.net Webapp
NA
CVE-2022-39380
Wire web-app is part of Wire communications. Versions before 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error m...
Wire Wire-webapp
7.5
CVSSv2
CVE-2022-22845
QXIP SIPCAPTURE homer-app prior to 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
Qxip Homer Webapp
2 Github repositories
5
CVSSv2
CVE-2006-7186
cgi-lib/subs.pl in web-app.net WebAPP prior to 0.9.9.3.5 allows malicious users to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.
Web-app.net Webapp
4.3
CVSSv2
CVE-2021-32683
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and pas...
Wire Wire-webapp
4.3
CVSSv2
CVE-2007-3417
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP prior to 0.9.9.7 allow remote malicious users to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) pro...
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-3419
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP prior to 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of me...
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-3421
The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP prior to 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact...
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-3423
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP prior to 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, wh...
Web-app.org Webapp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »