CVE-2007-4077 in Video Share Enterpriseinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

07/30/2007

Disclosure

07/30/2007

Status

Confirmed

Entries

1

CWE

CWE-79

CVSS

4.3

EPSS

0.00753

CTI

0.00

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2007-4077
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-4077
CVE Detailshttps://www.cvedetails.com/cve/CVE-2007-4077/

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!