JVNDB-2005-000773

[Japanese]
JVNDB-2005-000773
desknet's cross-site scripting vulnerability
Overview
If a user views HTML email containing a malicious script, it could be executed. This problem allows execution of script having patterns other than those addressed in JVN#F88C2C13 (additional information to JVN#89DE2014).
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

NEOJAPAN,Inc. desknet's version 4.2J R1.9

Impact
lf a login ID, password, or session information is leaked, an attacker could impersonate a user to view email, alter configuration information, etc.
Solution

Vendor Information
NEOJAPAN,Inc. desknet's : http://www.desknets.com/help/ver45/webmail/003.html (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#0DC004F6
Revision History
[2008/05/21] Web page published

desknet's cross-site scripting vulnerability