CVE-2007-3989

Name of the Vulnerable Software and Affected Versions: Dora Emlak version 1.0

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities are found in the default.asp file of the affected software, specifically when the goster parameter is set to iletisim. Remote attackers can inject arbitrary web script or HTML via the Adiniz and Soyadiniz parameters. The existence of other unspecified vectors is also possible.

Recommendations: For Dora Emlak version 1.0, consider restricting access to the default.asp file when the goster parameter is set to iletisim to minimize the risk of exploitation. Avoid using the Adiniz and Soyadiniz parameters in this context until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.