CVE-2007-5296

Name of the Vulnerable Software and Affected Versions: dbList version 8.1

Description: The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in the dblisttest.asp file. The vulnerable parameters include db, pagesize, sort, strKeyWords, and table.

Recommendations: For dbList version 8.1, consider restricting access to the dblisttest.asp file until a patch is available, and avoid using the vulnerable parameters db, pagesize, sort, strKeyWords, and table in the meantime. At the moment, there is no information about a newer version that contains a fix for this issue.