JVNDB-2014-000080

[Japanese]
JVNDB-2014-000080
Meridian vulnerable to cross-site scripting
Overview
Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Kazuyuki Matsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score] Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Nexa Technologies Meridian versions prior to 2014

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the software] Update to the latest version according to the information provided by the developer.
Vendor Information
Nexa Technologies Nexa Technologies : Investor Suite: Meridian
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2014-3892
References
JVN : JVN#36028879 National Vulnerability Database (NVD) : CVE-2014-3892
Revision History
[2014/07/18] Web page was published [2014/07/23] References : Content was added

Meridian vulnerable to cross-site scripting