Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-4088

EPSS 2.60% · P86
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4088

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) f, (3) quote, and (4) act parameters to cp.php; the (5) u parameter to user.php; the (6) f parameter to post.php; the (7) s parameter to topic.php; the (8) quote, (9) t, (10) poll, and (11) p parameters to post.php; the (12) Message Title field of a private message (PM) in mode 6 of cp.php; the (13) title field of a private message (PM) in mode 7 of cp.php; and (14) allow user-assisted remote attackers to inject arbitrary web script or HTML via a dosearch action to search.php, which reflects the first lines of all posts by a user. NOTE: the act parameter to help.php and the p parameter to report.php are already covered by CVE-2006-4708. NOTE: vectors 12 and 13 might overlap CVE-2006-6283.1. NOTE: vector 14 might overlap CVE-2006-4708.b.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Vikingboard 多个跨站脚本攻击漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Vikingboard 0.1.2版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1) id, (2) f, (3) quote, 和 (4)对cp.php的act参数; (5)对user.php的u参数;(6)对post.php的f参数;(7)对topic.php的s参数;(8) quote, (9) t, (10) poll, 和 (11)对post.php的p参数;(12)cp.php的模式6 ; (13)cp.php的模式7中的私密信息的信息标题字段,注入任意web脚本或HTML; 以及(14
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-4088

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-4088

登录查看更多情报信息。

Same Patch Batch · n/a · 2007-07-30 · 50 CVEs total

CVE-2007-4084AlstraSoft Affiliate Network Pro 多个输入验证漏洞
CVE-2007-4092iFoto index.php 目录遍历漏洞
CVE-2007-4096Tor 多个漏洞和信息泄露错误
CVE-2007-4097Tor 多个漏洞和信息泄露错误
CVE-2007-4098Tor 多个漏洞和信息泄露错误
CVE-2007-4099Tor 多个漏洞和信息泄露错误
CVE-2007-3387Freedesktop Poppler 输入验证错误漏洞
CVE-2007-4095BSM Store Dependent Forums UserName Parameter SQL注入漏洞
CVE-2007-4086AlstraSoft Video Share 多个参数的SQL注入漏洞
CVE-2007-4085AlstraSoft AskMe Pro 多个参数的SQL注入漏洞
CVE-2007-4087AlstraSoft Video Share 多个参数的远程攻击漏洞
CVE-2007-4083AlstraSoft AskMe Pro 多个跨站脚本漏洞
CVE-2007-4082AlstraSoft Article Manager Pro contact_author.php 跨站脚本漏洞
CVE-2007-4081AlstraSoft Affiliate Network Pro 多个输入验证漏洞
CVE-2007-4080AlstraSoft E-Friends index.php 跨站脚本漏洞
CVE-2007-4079AlstraSoft SMS Text Messaging Enterprise 多个跨站脚本攻击漏洞
CVE-2007-4078AlstraSoft Text Ads Enterprise 多个跨站脚本攻击漏洞
CVE-2007-4077AlstraSoft Video Share 多个跨站脚本漏洞
CVE-2007-4076Alisveris Sitesi Scripti Index.ASP SQL注入漏洞
CVE-2007-4075Alisveris Sitesi Scripti Index.ASP 跨站脚本攻击漏洞

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-4088

No comments yet

Leave a comment