[Japanese]

JVNDB-2006-000792

tDiary cross-site scripting vulnerability

Overview

tDiary, a weblog system from the tDiary development project, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


tDiary development project
  • tDiary 2.0.2 (stable) and earlier
  • tDiary 2.1.4.20061115 (developer version) and earlier

Impact

An arbitrary script may be executed on the user's web browser.
Solution

Vendor Information

tDiary development project
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-6174
References

  1. JVN : JVN#47223461
  2. National Vulnerability Database (NVD) : CVE-2006-6174
  3. Secunia Advisory : SA23092
  4. SecurityFocus : 21321
  5. FrSIRT Advisories : FrSIRT/ADV-2006-4722
Revision History

  • [2008/05/21]
      Web page published