CVE-2007-0302 - Cross-Site Scripting vulnerability in Instantasp 4.1.0
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: InstantASP 4.1 Logon.aspx SessionID Parameter XSS. CVE-2007-0302. Webapps exploit for asp platform
  - id: EDB-ID:29456
  - last seen: 2016-02-03
  - modified: 2007-01-15
  - published: 2007-01-15
  - reporter: Doz
  - source: https://www.exploit-db.com/download/29456/
  - title: InstantASP 4.1 Logon.aspx SessionID Parameter XSS
- description: InstantASP 4.1 Members1.aspx Multiple Parameter XSS. CVE-2007-0302. Webapps exploit for asp platform
  - id: EDB-ID:29457
  - last seen: 2016-02-03
  - modified: 2007-01-15
  - published: 2007-01-15
  - reporter: Doz
  - source: https://www.exploit-db.com/download/29457/
  - title: InstantASP 4.1 Members1.aspx Multiple Parameter XSS
References
- http://osvdb.org/32852
- http://osvdb.org/32853
- http://secunia.com/advisories/23787
- http://securityreason.com/securityalert/2164
- http://www.securityfocus.com/archive/1/456970/100/0/threaded
- http://www.securityfocus.com/bid/22052
- http://www.vupen.com/english/advisories/2007/0227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31521