Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability

Bugtraq ID:	22966
Class:	Input Validation Error
CVE:	CVE-2007-1499
Remote:	Yes
Local:	No
Published:	Mar 14 2007 12:00AM
Updated:	Jun 21 2007 10:39PM
Credit:	Aviv Raff is credited with the discovery of this issue.
Vulnerable:	Nortel Networks Centrex IP Client Manager 8.0 Nortel Networks Centrex IP Client Manager 7.0 Nortel Networks Centrex IP Client Manager 9.0 Nortel Networks Centrex IP Client Manager Microsoft Internet Explorer 7.0 + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Ultimate + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Premium + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Home Basic + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Enterprise + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista Business + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 + Microsoft Windows Vista 0 HP Storage Management Appliance 2.1 + HP Storage Management Appliance III + HP Storage Management Appliance II + HP Storage Management Appliance I HP Storage Management Appliance 2.1 + HP Storage Management Appliance III + HP Storage Management Appliance II + HP Storage Management Appliance I Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server 0 Avaya CIE 1.0

Not Vulnerable: