Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
web-app.org webapp 0.9.9.3.2 |
||
web-app.org webapp 0.9.9.1 |
||
web-app.org webapp 0.9.9.2 |
||
web-app.org webapp 0.9.9.2.1 |
||
web-app.org webapp 0.9.9.3 |
||
web-app.org webapp 0.9.9.3.1 |