JVNDB-2013-000014

[Japanese]
JVNDB-2013-000014
dopvSTAR* vulnerable to cross-site scripting
Overview
dopvSTAR* provided by bayashi.net is a software to analyze web access logs. dopvSTAR* contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

bayashi.net dopvSTAR*
dopvSTAR* containing JavaScript that enables to log accesses, which had been available on bayashi.net until January 7, 2013
Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Modify the JavaScript] Modify the JavaScript that enables to log accesses, according to the information provided by the developer.
Vendor Information
bayashi.net bayashi.net : dopvSTAR* (Japanese Only)
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2013-0709
References
JVN : JVN#36339873 National Vulnerability Database (NVD) : CVE-2013-0709
Revision History
[2013/02/28] Web page was published

dopvSTAR* vulnerable to cross-site scripting