JVNDB-2012-000061

[Japanese]
JVNDB-2012-000061
WEB PATIO vulnerable to cross-site scripting
Overview
WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

KENT-WEB WEB PATIO Ver.4.04 and earlier

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the Software] Update to the latest version according to the information provided by the developer.
Vendor Information
KENT-WEB WebCreate Ltd : WEB PATIO (Japanese only)
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2012-2636
References
JVN : JVN#33171616 National Vulnerability Database (NVD) : CVE-2012-2636
Revision History
[2012/06/19] Web page was published

WEB PATIO vulnerable to cross-site scripting