[Japanese]

JVNDB-2009-000019

Cross-site scripting vulnerability in apricot.php from LovPop.net

Overview

apricot.php from LovPop.net contains a cross-site scripting vulnerability.

apricot.php from LovPop.net is a software to analyze web access logs. apricot.php contains a cross-site scripting vulnerability.

Note that future releases and maintenance of apricot.php ended on March 19, 2009. Users who wish to analyze access logs are recommended to use a different product that provides equivalent functionality.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


LovPop.net
  • apricot.php

Impact

An arbitrary script may be executed on the user's web browser.
Solution

[Do not use apricot.php]
As patches will not be provided, users are recommended to discontinue use of apricot.php and switch to a different product that provides equivalent functionality.
Vendor Information

LovPop.net
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2009-1448
References

  1. JVN : JVN#82744714
  2. National Vulnerability Database (NVD) : CVE-2009-1448
  3. ISS X-Force Database : 49948
  4. JVN iPedia (Japanese) : JVNDB-2009-000019
Revision History

  • [2009/04/17]
      Web page published

Date Public2009/04/16
Date First Published2009/04/17
Date Last Updated2009/04/17