JVNDB-2005-000798

[Japanese]
JVNDB-2005-000798
MitakeSearch cross-site scripting vulnerability
Overview
MitakeSearch, a fulltext search system from Hewlett-Packard Japan, contains a cross-site scripting vulnerability due to improper validation of input character strings in the ranking CGI script file, ranking.pl.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Hewlett-Packard Development Company, L.P MitakeSearch V4.2

Impact
A malicious script may be executed on the user's web browser.
Solution

Vendor Information
Hewlett-Packard Development Company, L.P Hewlett Packard : Top Page MitakeSearch : MitakeSearch (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#76357668
Revision History
[2008/05/21] Web page published

MitakeSearch cross-site scripting vulnerability