|
[Japanese]
|
JVNDB-2012-000036
|
OSQA vulnerable to cross-site scripting
|
|
OSQA (The Open Source Q&A system) contains a cross-site scripting vulnerability.
OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability.
Kousuke Ebihara reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
Base Metrics:
4.3 (Medium)
[IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
|
OSQA
- OSQA trunk revisions prior to 1234
- OSQA version 0.9.0 (Fantasy Island) Beta 3 and earlier
|
|
|
An arbitrary script may be executed on the user's web browser.
|
|
[Apply a patch]
Apply the patch according to the information provided the developer.
According to the developer, this issue was addressed in revision 1234.
|
|
OSQA
|
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
|
- CVE-2012-1245
|
|
- JVN : JVN#15503729
- National Vulnerability Database (NVD) : CVE-2012-1245
|
|
[2012/04/26]
Web page was published
|
