Unrated severityNVD Advisory· Published Jul 30, 2007· Updated Apr 23, 2026

CVE-2007-4077

Description

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php.

Affected products

Alstrasoft/Video Share Enterprise
cpe:2.3:a:alstrasoft:video_share_enterprise:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.htmlnvdExploit
osvdb.org/37277nvd
osvdb.org/37278nvd
osvdb.org/37279nvd
osvdb.org/37280nvd
osvdb.org/37281nvd
osvdb.org/37282nvd
osvdb.org/37283nvd
osvdb.org/37284nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000