[Japanese]

JVNDB-2006-000816

Shobo Shobo Nikki System (sns) cross-site scripting vulnerability

Overview

Shobo Shobo Nikki System (sns), weblog scripts provided by Project Amateras, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Project Amateras
  • sns 3.11 and earlier

Impact

An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked.
Solution

Vendor Information

Project Amateras
  • Project Amateras : sns
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-6413
References

  1. JVN : JVN#34830904
  2. National Vulnerability Database (NVD) : CVE-2006-6413
  3. Secunia Advisory : SA23257
  4. SecurityFocus : 21489
  5. FrSIRT Advisories : FrSIRT/ADV-2006-4902
Revision History

  • [2008/05/21]
      Web page published