This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Wampserver First view 2010-02-23
Product Wampserver Last view 2019-06-10
Version 2.0i Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:wampserver:wampserver

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2019-06-10 CVE-2019-11517

WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.

6.1 2018-12-20 CVE-2018-1000848

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later.

8.8 2018-03-25 CVE-2018-8817

Wampserver before 3.1.3 has CSRF in add_vhost.php.

4.3 2010-02-23 CVE-2010-0700

Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-352 Cross-Site Request Forgery (CSRF)
50% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
62481 WampServer index.php lang Parameter XSS

OpenVAS Exploits

id Description
2010-03-05 Name : WampServer 'lang' Parameter Cross-site Scripting (XSS) Vulnerability
File : nvt/gb_wampserver_xss_vuln.nasl