CVE-2007-0302

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

Reference

http://osvdb.org/32852
http://osvdb.org/32853
http://secunia.com/advisories/23787
http://securityreason.com/securityalert/2164
http://www.securityfocus.com/archive/1/456970/100/0/threaded
http://www.securityfocus.com/bid/22052
http://www.vupen.com/english/advisories/2007/0227
https://exchange.xforce.ibmcloud.com/vulnerabilities/31521

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:32

Objavljeno

18-01-2007 - 00:28