Unrated severityNVD Advisory· Published Jan 18, 2007· Updated Apr 23, 2026

CVE-2007-0302

Description

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

Affected products

Instantasp/Instantasp
cpe:2.3:a:instantasp:instantasp:4.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/32852nvd
osvdb.org/32853nvd
secunia.com/advisories/23787nvd
securityreason.com/securityalert/2164nvd
www.securityfocus.com/archive/1/456970/100/0/threadednvd
www.securityfocus.com/bid/22052nvd
www.vupen.com/english/advisories/2007/0227nvd
exchange.xforce.ibmcloud.com/vulnerabilities/31521nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000