CVE-2007-0696 | Vulnerability Database | Aqua Security

Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.

Affected Software

Name	Vendor	Start Version	End Version
Free_lan_intra_internet_portal	Free_lan_intra_internet_portal	0.9.0.730 (including)	0.9.0.730 (including)
Free_lan_intra_internet_portal	Free_lan_intra_internet_portal	0.9.0.1029 (including)	0.9.0.1029 (including)
Free_lan_intra_internet_portal	Free_lan_intra_internet_portal	1.0_rc1 (including)	1.0_rc1 (including)
Free_lan_intra_internet_portal	Free_lan_intra_internet_portal	1.0_rc2 (including)	1.0_rc2 (including)

References

http://osvdb.org/33650
http://sourceforge.net/project/shownotes.php?release_id=481131\u0026group_id=98260
http://www.vupen.com/english/advisories/2007/0454
https://exchange.xforce.ibmcloud.com/vulnerabilities/31900

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0696
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html