Vulnerabilities > CVE-2007-3838 - HTML Injection vulnerability in Tbdev.Net DR 010306/111005Betasf11/161205Beta1161
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | TBDev.NET DR TakeProfEdit.PHP HTML Injection Vulnerability. CVE-2007-3838. Webapps exploit for asp platform |
| id | EDB-ID:30313 |
| last seen | 2016-02-03 |
| modified | 2007-07-16 |
| published | 2007-07-16 |
| reporter | PescaoDeth |
| source | https://www.exploit-db.com/download/30313/ |
| title | TBDev.NET DR TakeProfEdit.PHP HTML Injection Vulnerability |