JVNDB-2008-000020

[Japanese]
JVNDB-2008-000020
DesignForm cross-site scripting vulnerability
Overview
DesignForm is a mail form CGI provided by GNB. A cross-site scripting vulnerability exists in DesignForm. DesignForm is a mail form CGI provided by GNB. It is used to send mail from a form on a web page. A cross-site scripting vulnerabiltiy exists in DesignForm.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

GNB DesignForm Ver3.8 and earlier

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the Software] Update to the latest version according to the information provided by the developer.
Vendor Information
GNB GNB : DesignForm Ver3.9 (Japanese)
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [NVD Evaluation]
CVE (What is CVE?)
CVE-2008-1603
References
JVN : JVN#58803701 National Vulnerability Database (NVD) : CVE-2008-1603 Secunia Advisory : SA29528 SecurityFocus : 28471
Revision History
[2008/05/21] Web page published

DesignForm cross-site scripting vulnerability