JVNDB-2007-000400

[Japanese]
JVNDB-2007-000400
Advance-Flow cross-site scripting vulnerability
Overview
Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms are not affected by this vulnerability and some are, depending on the contents of the application forms.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score] Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

OSK Co., LTD Advance-Flow Ver 4.41 and earlier Advance-Flow Forms Ver 4.41 and earlier

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the Software] Apply the updates provided by the vendor. Fixed versions: -Advance-Flow Ver 4.42 or later -Advance-Flow Forms Ver 4.42 or later
Vendor Information
OSK Co., LTD OSK : JVN#92832583 (Japanese)
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [NVD Evaluation]
CVE (What is CVE?)
CVE-2007-2811
References
JVN : JVN#92832583 National Vulnerability Database (NVD) : CVE-2007-2811 JPCERT REPORT : JPCERT-WR-2007-1901 Secunia Advisory : SA25338 SecurityFocus : 24071 FrSIRT Advisories : FrSIRT/ADV-2007-1884
Revision History
[2008/05/21] Web page published

Advance-Flow cross-site scripting vulnerability