CVE-2007-4081

Name of the Vulnerable Software and Affected Versions: AlstraSoft Affiliate Network Pro (affected versions not specified)

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. This can be achieved through various vectors in the merchants/index.php file, including the id or msg parameter in a programedit action, the pgmid parameter in an uploadProducts action, the d, m, or y parameter in a daily action, the err parameter in a ProgramReport action, the i, txtto, txtfrom, or programs parameter in a LinkReport action, or the msg parameter in an add money action. Additionally, there is a vector in the merchants/temp.php file using the rowid parameter.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.