CVE-2007-4077 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg (2) page (3) viewkey or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.
Reference
http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html http://osvdb.org/37277 http://osvdb.org/37278 http://osvdb.org/37279 http://osvdb.org/37280 http://osvdb.org/37281 http://osvdb.org/37282 http://osvdb.org/37283 http://osvdb.org/37284
Share on: