CVE Vulnerability

CVE-2007-4077

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html Exploit
http://osvdb.org/37281
http://osvdb.org/37278
http://osvdb.org/37279
http://osvdb.org/37284
http://osvdb.org/37283
http://osvdb.org/37280
http://osvdb.org/37282
http://osvdb.org/37277
Configurations

Configuration 1

cpe:2.3:a:alstrasoft:video_share_enterprise:*:*:*:*:*:*:*:*
Information

Published : 2007-07-30 05:30

Updated : 2008-11-15 06:55

NVD link : CVE-2007-4077

Mitre link : CVE-2007-4077

Products Affected

Alstrasoft

Video Share Enterprise

CWE
NVD-CWE-Other