Vulnerability Details CVE-2007-0302
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.057
EPSS Ranking 90.0%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/32852
- http://osvdb.org/32853
- http://secunia.com/advisories/23787
- http://securityreason.com/securityalert/2164
- http://www.securityfocus.com/archive/1/456970/100/0/threaded
- http://www.securityfocus.com/bid/22052
- http://www.vupen.com/english/advisories/2007/0227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31521
- http://osvdb.org/32852
- http://osvdb.org/32853
- http://secunia.com/advisories/23787
- http://securityreason.com/securityalert/2164
- http://www.securityfocus.com/archive/1/456970/100/0/threaded
- http://www.securityfocus.com/bid/22052
- http://www.vupen.com/english/advisories/2007/0227
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31521
Products affected by CVE-2007-0302
-
cpe:2.3:a:instantasp:instantasp:4.1.0