eyeOS cross-site scripting vulnerability


eyeOS, an open source web desktop environment (Web OS), contains a cross-site scripting vulnerability.

This vulnerability has been addressed in eyeOS 0.9.0 and later. Other vulnerabilities are also addressed in the latest version. We recommend that the users upgrade to the latest version provided by the vendor.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

eyeOS Project
  • eyeOS version 0.8.10 - 0.8.15


An arbitrary script may be executed on the user's web browser. Web pages could be spoofed as a result.

Vendor Information

eyeOS Project
CWE (What is CWE?)

CVE (What is CVE?)


  1. JVN : JVN#46244305
Revision History

  • [2008/05/21]
      Web page published