CVE-2007-0302

Multiple cross-site scripting XSS vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 SessionID parameter to a Logon.aspx, and the 2 Username and 3 Update parameters to b Members1.aspx...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 SessionID parameter to a Logon.aspx, and the 2 Username and 3 Update parameters to b Members1.aspx...

CVE-2007-0302

Multiple cross-site scripting XSS vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 SessionID parameter to a Logon.aspx, and the 2 Username and 3 Update parameters to b Members1.aspx...

CVE-2007-0302

CVE-2007-0302 affects InstantASP 4.1.0 with multiple cross-site scripting (XSS) flaws. An attacker can inject arbitrary script/HTML via (1) SessionID to Logon.aspx and (2) Username and (3) Update to Members1.aspx, enabling web-script injection. The NVD CVSS2 base score is 6.8 (MEDIUM) with networ...

InstantASP 4.1 - 'Members1.aspx' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/22052/info InstantForum.NET is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and...