Published: 18/01/2007 Updated: 16/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

Vulnerable Product	Search on Vulmon	Subscribe to Product
instantasp instantasp 4.1.0

source: wwwsecurityfocuscom/bid/22052/info InstantForumNET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks These issues affect version 41 ...

source: wwwsecurityfocuscom/bid/22052/info InstantForumNET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks These issues affect version 4 ...

NVD-CWE-Other http://www.securityfocus.com/bid/22052 http://secunia.com/advisories/23787 http://securityreason.com/securityalert/2164 http://osvdb.org/32853 http://osvdb.org/32852 http://www.vupen.com/english/advisories/2007/0227 https://exchange.xforce.ibmcloud.com/vulnerabilities/31521 http://www.securityfocus.com/archive/1/456970/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/29456/

CVE-2007-0302

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect