CVE-2007-3417

Name of the Vulnerable Software and Affected Versions web-app.org WebAPP versions prior to 0.9.9.7

Description The issue allows remote attackers to inject arbitrary web script or HTML via a search string. This occurs because the search string is not sanitized when an HREF attribute is printed by the (1) process search or (2) show recent searches function.

Recommendations For versions prior to 0.9.9.7, update to version 0.9.9.7 or later to resolve the issue.