Synopsis :

The remote web server contains an ASP script which is vulnerable to a
cross-site scripting issue.

Description :

The remote host is running ASPrunner prior to version 2.5. There are
multiple flaws in this version of ASPrunner which would enable a
remote attacker to read and/or modify potentially confidential data.

An attacker, exploiting this flaw, would need access to the web server
via the network.

See also :

http://archives.neohapsis.com/archives/bugtraq/2004-07/0291.html

Solution :

Unknown at this time.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true