Vulnerabilities > CVE-2007-0302 - Cross-Site Scripting vulnerability in Instantasp 4.1.0

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

instantasp

exploit available

NVD

Published: 2007-01-18

Updated: 2018-10-16

Summary

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

Vulnerable Configurations

Part	Description	Count
Application	Instantasp Instantasp Instantasp 4.1.0	1

Exploit-Db

description	InstantASP 4.1 Logon.aspx SessionID Parameter XSS. CVE-2007-0302. Webapps exploit for asp platform
id	EDB-ID:29456
last seen	2016-02-03
modified	2007-01-15
published	2007-01-15
reporter	Doz
source	https://www.exploit-db.com/download/29456/
title	InstantASP 4.1 Logon.aspx SessionID Parameter XSS

description	InstantASP 4.1 Members1.aspx Multiple Parameter XSS. CVE-2007-0302. Webapps exploit for asp platform
id	EDB-ID:29457
last seen	2016-02-03
modified	2007-01-15
published	2007-01-15
reporter	Doz
source	https://www.exploit-db.com/download/29457/
title	InstantASP 4.1 Members1.aspx Multiple Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References