Lucene search

[email protected]CVE-2007-0302

HistoryJan 18, 2007 - 12:28 a.m.

CVE-2007-0302

2007-01-1800:28:00

[email protected]

web.nvd.nist.gov

cve

2007

0302

xss

instantasp

logon.aspx

members1.aspx

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

Affected configurations

NVD

Node

instantaspinstantaspMatch4.1.0

CPENameOperatorVersion
instantasp:instantaspinstantaspeq4.1.0

CPE	Name	Operator	Version
instantasp:instantasp	instantasp	eq	4.1.0

References

osvdb.org/32852

osvdb.org/32853

secunia.com/advisories/23787

securityreason.com/securityalert/2164

www.securityfocus.com/archive/1/456970/100/0/threaded

www.securityfocus.com/bid/22052

www.vupen.com/english/advisories/2007/0227

exchange.xforce.ibmcloud.com/vulnerabilities/31521

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

5.8 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2007-0302

nvd1 prion1 cvelist1 securityvulns1