CVE-2007-3838

Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...

CVE-2007-3839

Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance...

CVE-2007-3838

CVE-2007-3838 describes an XSS in takeprofedit.php for TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier. The vulnerability allows remote attackers to inject arbitrary script via the SRC attribute of a SCRIPT element in the avatar parameter. The affected component is takeprofedit.php; the issue i...

CVE-2007-3839

The CVE-2007-3839 entry describes a Cross-site Scripting (XSS) vulnerability in TBDev.NET’s takeprofedit.php (TBDev.NET DR 010306 and earlier). The underlying issue is a javascript: URI in the avatar parameter, enabling remote attackers to inject arbitrary web script or HTML. Connected documents ...

TBDev.NET DR - TakeProfEdit.php HTML Injection

TBDev.NET DR - TakeProfEdit.php HTML Injection source: https://www.securityfocus.com/bid/24923/info TBDev.NET DR is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script...