|
[Japanese]
|
JVNDB-2008-000044
|
K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
|
|
analysis.cgi included in K's CGI Access Log Kaiseki (Jcode.pm) contains a cross-site scripting vulnerability.
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki (Jcode.pm) contains a cross-site scripting vulnerability.
The developer has released the information "Important Note as of 2008 July 18" on the developer's homepage regarding this issue.
AzureStone of securecoding.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
Base Metrics:
5.0 (Medium)
[IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
|
K's CGI
- Access Log Kaiseki (Jcode.pm) analysis.cgi Ver.1.44 and earlier
|
|
|
An arbitrary script could be executed on the user's web browser.
|
|
[Update the Software]
Apply the latest update provided by the developer.
|
|
K's CGI
|
|
|
|
|
|
- JVN : JVN#72065744
|
|
[2008/07/29]
Web page published
|
