CVE-2007-0302 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx and the (2) Username and (3) Update parameters to (b) Members1.aspx.

Reference

http://osvdb.org/32852 http://osvdb.org/32853 http://secunia.com/advisories/23787 http://securityreason.com/securityalert/2164 http://www.securityfocus.com/archive/1/456970/100/0/threaded http://www.securityfocus.com/bid/22052 http://www.vupen.com/english/advisories/2007/0227 https://exchange.xforce.ibmcloud.com/vulnerabilities/31521