2 matches found
CVE-2007-3838
CVE-2007-3838 describes an XSS in takeprofedit.php for TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier. The vulnerability allows remote attackers to inject arbitrary script via the SRC attribute of a SCRIPT element in the avatar parameter. The affected component is takeprofedit.php; the issue i...
CVE-2007-3839
The CVE-2007-3839 entry describes a Cross-site Scripting (XSS) vulnerability in TBDev.NET’s takeprofedit.php (TBDev.NET DR 010306 and earlier). The underlying issue is a javascript: URI in the avatar parameter, enabling remote attackers to inject arbitrary web script or HTML. Connected documents ...