JVNDB-2007-000807
|
FileMaker cross-site scripting vulnerability
|
FileMaker from FileMaker, Inc. contains a cross-site scripting vulnerability.
FileMaker is database software from FileMaker, Inc.
FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function, which enables users to publish database contents on the web.
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
FileMaker, Inc.
- FileMaker Developer 7 (for Windows and Mac)
- FileMaker Pro 7 (for Windows and Mac)
- FileMaker Pro 8.x (for Windows and Mac)
- FileMaker Pro 8.x Advanced (for Windows and Mac)
- FileMaker Server 7 Advanced (for Windows and Mac)
- FileMaker Server 8.x (for Windows and Mac)
- FileMaker Server 8.x Advanced (for Windows and Mac)
|
|
An attacker could execute an arbitrary script in the web browser of a user who views content published using the "Instant Web Publishing" function.
|
[Upgrade the Software]
FileMaker, Inc. has not released any updates or patches for FileMaker 7.x and 8.x.
However, the vendor released the FileMaker 9 product line in September 2007. Users are encouraged to upgrade to the FileMaker 9 product line, which is not affected by this vulnerability.
[Workarounds]
Users who do not upgrade to the FileMaker 9 product line should apply the following workaround to mitigate this vulnerability.
- Do not use the "Instant Web Publishing" function
|
FileMaker, Inc.
|
- Cross-site Scripting (CWE-79) [NVD Evaluation]
|
- CVE-2007-6104
|
- JVN : JVN#55833292
- National Vulnerability Database (NVD) : CVE-2007-6104
- Secunia Advisory : SA27750
- SecurityFocus : 26515
- ISS X-Force Database : 38600
- FrSIRT Advisories : FrSIRT/ADV-2007-3937
|
- [2008/05/21]
Web page published
|