2 matches found
CVE-2006-4224
Cross-site scripting XSS vulnerability in calendar.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009...
CVE-2006-4009
CVE-2006-4009 describes an XSS in the Virtual War (VWar) application. Affected: VWar versions up to 1.5.0 and earlier, exploitable through the page parameter in the file war.php (also echoed by related CVE-2006-4224 noting that the page vector is covered by CVE-2006-4009). Root cause: insufficien...