JVNDB-2007-000640

[Japanese]
JVNDB-2007-000640
Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting
Overview
Fulltext search CGI from futomi's CGI Cafe contains a cross-site scripting vulnerability. Fulltext search CGI, website search software from futomi's CGI Cafe, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

futomi Co.,Ltd. full-text search CGI Ver 1.1.0 and earlier

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the Software] Apply the latest updates provided by the vendor.
Vendor Information
futomi Co.,Ltd. futomi's CGI Cafe : 20070903 (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#43091983
Revision History
[2008/05/21] Web page published

Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting