|
[Japanese]
|
JVNDB-2008-000048
|
La!cooda WIZ and LacoodaST vulnerable to cross-site scripting
|
|
La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability.
Hirotaka Katagiri reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
|
|
Base Metrics:
4.3 (Medium)
[IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
System Consultants Co.,Ltd.
- La!coodaWIZ 1.4.0 and earlier
SPACETAG INC.
- LacoodaST 2.1.3 and earlier
|
|
An arbitrary script could be executed on the web browser of the user who logged into La!cooda WIZ or LacoodaST.
|
|
[Update the Software]
Apply the latest updates provided by the vendors.
For more information, refer to the vendors' websites.
|
|
System Consultants Co.,Ltd.
SPACETAG INC.
|
|
- JVN : JVN#52557009
- National Vulnerability Database (NVD) : CVE-2008-3739
- Common Vulnerabilities and Exposures (CVE) : CVE-2008-3739
- Secunia Advisory : SA31582
- Secunia Advisory : SA31574
- SecurityFocus : 30791
- ISS X-Force Database : 44593
- Common Weakness Enumeration (CWE) : Cross-site scripting (CWE-79) [IPA Evaluation]
- JVN iPedia (Japanese) : JVNDB-2008-000048
|
|
[2008/09/02]
Web page published
|
|
| 2008/08/21 |
| 2008/09/02 |
| 2008/09/02 |
|
