[Japanese]

JVNDB-2012-000032

Dokodemo Rikunabi 2013 vulnerable to cross-site scripting

Overview

Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability.

Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability.

Kazuhiko Kusano of Graduate School of Information Sciences,Tohoku University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

Base Metrics: 5.8 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


RECRUIT CO.,LTD.
  • Dokodemo Rikunabi 2013 version 1.0.0

Impact

An arbitrary script may be executed on user's Google Chrome.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.

According to the developer, Dokodemo Rikunabi 2013 automatically updates through the features of Google Chrome.
Vendor Information

RECRUIT CO.,LTD.
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2012-1240
References

  1. JVN : JVN#90055996
  2. National Vulnerability Database (NVD) : CVE-2012-1240
Revision History

[2012/04/13]
  Web page was published