Lucene search

[email protected]CVE-2007-4087

HistoryJul 30, 2007 - 5:30 p.m.

CVE-2007-4087

2007-07-3017:30:00

[email protected]

web.nvd.nist.gov

cve-2007-4087

alstrasoft video share enterprise

sensitive information

remote attackers

xss

security vulnerability

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ’ (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, © uvideos.php, (d) groups_home.php, or (e) ufriends.php.

Affected configurations

NVD

Node

alstrasoftvideo_share_enterprise

CPENameOperatorVersion
alstrasoft:video_share_enterprisealstrasoft video share enterpriseeq*

CPE	Name	Operator	Version
alstrasoft:video_share_enterprise	alstrasoft video share enterprise	eq	*

References

lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html

osvdb.org/46947

osvdb.org/46948

osvdb.org/46949

osvdb.org/46950

osvdb.org/46951

osvdb.org/46952

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for CVE-2007-4087

prion1 nvd1 cvelist1