[Japanese]
|
JVNDB-2010-002808
|
Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability
|
The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Accela Technology
- Accela BizSearch Gateway Option for Jasmine V3.0L10
- Accela BizSearch Gateway Option for Jasmine V3.1L10
- Accela BizSearch Gateway Option for NTFS ACL V3.0L10
- Accela BizSearch Gateway Option for NTFS ACL V3.1L10
- Accela BizSearch Gateway Option for TeamWARE V3.0L10
- Accela BizSearch Gateway Option for TeamWARE V3.1L10
- Accela BizSearch Gateway Option for Lotus Notes/Domino V3.1L10
- Accela BizSearch Gateway Option for Lotus Notes/Domino V3.0L10
- eAccela BizSearch Gateway Option for Jasmine V1.0
- eAccela BizSearch Gateway Option for Jasmine V2.0
- eAccela BizSearch Gateway Option for Jasmine V2.1
- eAccela BizSearch Gateway Option for NTFS ACL V1.0
- eAccela BizSearch Gateway Option for NTFS ACL V2.0
- eAccela BizSearch Gateway Option for NTFS ACL V2.1
- eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0
- eAccela BizSearch Gateway Option for Lotus Notes/Domino V2.0
- eAccela BizSearch Gateway Option for Lotus Notes/Domino V2.1
- eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0 TeamWARE V1.0
- eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0 TeamWARE V2.0
- eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0 TeamWARE V2.1
|
|
By setting up a fraudulent website that exploits an XSS vulnerability of the Accela BizSearch's standard search page (the "targeted website") via the Internet, a remote attacker could execute arbitrary code on the computer of the visitors (the "victims") who have accessed the website.
|
Please refer to the 'Vendor Information' and 'References' section for the countermeasures and take appropriate action.
|
Accela Technology
- Accela Technology Corporation : Top Page (Japanese)
FUJITSU
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
|
|
- [2011/06/29]
Web page published
|