AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-07-30T17:00:00
Updated: 2008-11-15T10:00:00
Reserved: 2007-07-30T00:00:00
Link: CVE-2007-4087
JSON object: View
NVD Information
Status : Modified
Published: 2007-07-30T17:30:00.000
Modified: 2008-11-15T06:55:18.127
Link: CVE-2007-4087
JSON object: View
Redhat Information
No data.
CWE