CVE-2007-0302 - Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to in

CVE-2007-0302

Summary

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

References

http://osvdb.org/32852
http://osvdb.org/32853
http://secunia.com/advisories/23787
http://securityreason.com/securityalert/2164
http://www.securityfocus.com/archive/1/456970/100/0/threaded
http://www.securityfocus.com/bid/22052
http://www.vupen.com/english/advisories/2007/0227
https://exchange.xforce.ibmcloud.com/vulnerabilities/31521

Vulnerable Configurations

cpe:2.3:a:instantasp:instantasp:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:instantasp:instantasp:4.1.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 16-10-2018 - 16:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	22052
bugtraq	20070115 InstantForum.NET Multiple Cross-Site Scripting Vulnerability
osvdb	32852 32853
secunia	23787
sreason	2164
vupen	ADV-2007-0227
xf	instantforum-multiple-scripts-xss(31521)

Last major update

16-10-2018 - 16:32

Published

18-01-2007 - 00:28

Last modified

16-10-2018 - 16:32