Vulnerabilities > CVE-2007-4080 - Cross-Site Scripting vulnerability in Alstrasoft E-Friends 4.0

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

alstrasoft

NVD

Published: 2007-07-30

Updated: 2008-11-15

Summary

Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564.

Vulnerable Configurations

Part	Description	Count
Application	Alstrasoft Alstrasoft E Friends 4.0	1

References

http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html
http://osvdb.org/37266