[Japanese]

JVNDB-2006-000784

eyeOS cross-site scripting vulnerability

Overview

eyeOS, an open source web desktop environment (Web OS), contains a cross-site scripting vulnerability.

This vulnerability has been addressed in eyeOS 0.9.0 and later. Other vulnerabilities are also addressed in the latest version. We recommend that the users upgrade to the latest version provided by the vendor.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


eyeOS Project
  • eyeOS version 0.8.10 - 0.8.15

Impact

An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result.
Solution

Vendor Information

eyeOS Project
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#46244305
Revision History

  • [2008/05/21]
      Web page published