JVNDB-2009-000048

[Japanese]
JVNDB-2009-000048
shiromuku(fs6)DIARY cross-site scripting vulnerability
Overview
shiromuku(fs6)DIARY from Perl CGI's By Mrs. Shiromuku contains a cross-site scripting vulnerability. shiromuku(fs6)DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromuku(fs6)DIARY contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)
Base Metrics: 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

Affected Products

Perl CGI's By Mrs.Shiromuku shiromuku(fs6)DIARY 2.40 and earlier

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the Software] Update to the latest version according to the information provided by the developer.
Vendor Information
Perl CGI's By Mrs.Shiromuku Perl CGI's By Mrs.Shiromuku : Update notice for users of shiromuku(fs6)DIARY (Japanese) Perl CGI's By Mrs.Shiromuku : shiromuku(fs6)DIARY (Japanese)
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2009-2565
References
JVN : JVN#31110006 National Vulnerability Database (NVD) : CVE-2009-2565 Secunia Advisory : SA35806 ISS X-Force Database : 51696
Revision History
[2009/07/15] Web page published

shiromuku(fs6)DIARY cross-site scripting vulnerability