MidnightBSD

Advisories for instantasp

CVE-2014-9468 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
instantasp instantforum 4.1.3
instantasp instantforum 4.1.1
instantasp instantforum 3.4.0
instantasp instantforum 4.1.0
instantasp instantforum 4.1.2