[Japanese]

JVNDB-2010-002807

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview

The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Accela Technology
  • Accela BizSearch Enterprise Edition V3.0L10
  • Accela BizSearch Enterprise Edition V3.0L10A
  • Accela BizSearch Enterprise Edition V3.0L12
  • Accela BizSearch Enterprise Edition V3.1L10
  • Accela BizSearch Enterprise Edition V3.2L10v
  • Accela BizSearch Standard Edition V3.0L10
  • Accela BizSearch Standard Edition V3.0L10A
  • Accela BizSearch Standard Edition V3.0L12
  • Accela BizSearch Standard Edition V3.1L10
  • Accela BizSearch Standard Edition V3.2L10
  • Accela BizSearch Workgroup Edition V3.0L10
  • Accela BizSearch Workgroup Edition V3.0L10A
  • Accela BizSearch Workgroup Edition V3.0L12
  • Accela BizSearch Workgroup Edition V3.1L10
  • Accela BizSearch Workgroup Edition V3.2L10
  • eAccela BizSearch Enterprise Edition V1.0
  • eAccela BizSearch Enterprise Edition V2.0
  • eAccela BizSearch Enterprise Edition V2.0A
  • eAccela BizSearch Enterprise Edition V2.1
  • eAccela BizSearch Enterprise Edition V2.1L12
  • eAccela BizSearch Standard Edition V1.0
  • eAccela BizSearch Standard Edition V2.0
  • eAccela BizSearch Standard Edition V2.0A
  • eAccela BizSearch Standard Edition V2.1
  • eAccela BizSearch Standard Edition V2.1A
  • eAccela BizSearch Standard Edition V2.1L12
  • eAccela BizSearch Workgroup Edition V1.0
  • eAccela BizSearch Workgroup Edition V2.0
  • eAccela BizSearch Workgroup Edition V2.0A
  • eAccela BizSearch Workgroup Edition V2.1
  • eAccela BizSearch Workgroup Edition V2.1A
  • eAccela BizSearch Workgroup Edition V2.1L12

Impact

By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page (the "targeted website") via the Internet, a remote attacker could execute arbitrary code on the computer of the visitors (the "victims") who have accessed the website.
Solution

Please refer to the 'Vendor Information' and 'References' section for the countermeasures and take appropriate action.
Vendor Information

Accela Technology
  • Accela Technology Corporation : Top Page (Japanese)
FUJITSU
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2011/06/29]
      Web page published

Date Public2010/04/25
Date First Published2011/06/29
Date Last Updated2011/06/29