JVNDB-2007-000228

MailDwarf cross-site scripting vulnerability

Overview

MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability.
CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


HTML Dwarf
  • MailDwarf ver3.01 or earlier

Impact

An arbitrary script may be executed on the user's web browser.
Solution

Vendor Information

HTML Dwarf
CWE

CVE

  1. CVE-2007-1802
References

  1. JVN : JVN#40511721
  2. National Vulnerability Database (NVD) : CVE-2007-1802
  3. Secunia Advisory : SA24681
  4. SecurityFocus : 23207
  5. ISS X-Force Database : 33322
  6. FrSIRT Advisories : FrSIRT/ADV-2007-1166
Revision History

  • [2008/05/21]
      Web page published