CVE-2006-1427 | Vulnerability Database | Aqua Security

Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.

Affected Software

Name	Vendor	Start Version	End Version
Webapp	Web-app.org	0.9.9.1 (including)	0.9.9.1 (including)
Webapp	Web-app.org	0.9.9.2 (including)	0.9.9.2 (including)
Webapp	Web-app.org	0.9.9.2.1 (including)	0.9.9.2.1 (including)
Webapp	Web-app.org	0.9.9.3 (including)	0.9.9.3 (including)
Webapp	Web-app.org	0.9.9.3.1 (including)	0.9.9.3.1 (including)
Webapp	Web-app.org	0.9.9.3.2 (including)	0.9.9.3.2 (including)

References

http://pridels0.blogspot.com/2006/03/webapp-multiple-xss-vuln.html
http://secunia.com/advisories/19506
http://www.osvdb.org/24278
http://www.osvdb.org/24279
http://www.securityfocus.com/bid/17359
http://www.vupen.com/english/advisories/2006/1102
http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo\u0026cat=pastversions\u0026id=1
http://www.web-app.net/cgi-bin/index.cgi?action=redirectd\u0026cat=pastversions\u0026id=1
https://exchange.xforce.ibmcloud.com/vulnerabilities/25435

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1427
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html