Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4077

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4077
Last Modified 15 Nov 2008 01:55:13
Published 30 Jul 2007 01:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4077

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.

Vulnerable Systems

Application

  • Alstrasoft Video Share Enterprise


References

OSVDB - 37284

OSVDB - 37283

OSVDB - 37282

OSVDB - 37281

OSVDB - 37280

OSVDB - 37279

OSVDB - 37278

OSVDB - 37277

MISC - http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html


Last Updated: 27 May 2016 10:45:46