JVNDB-2009-000041

[Japanese]
JVNDB-2009-000041
Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac
Overview
PukiWikiMod from XOOPS Maniac contains a cross-site scripting vulnerability. PukiWikiMod from XOOPS Maniac is a contents management software for XOOPS. PukiWikiMod contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

XOOPS Maniac PukiWikiMod 1.6.6.2 and earlier

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Update the software] Update to latest version according to the information provided by developer.
Vendor Information
XOOPS Maniac XOOPS Maniac : XOOPS Maniac (Japanese) XOOPS Maniac : About PukiWikiMod (Japanese) XOOPS Maniac : Fix for cross-site scripting vulnerability (IPA#12244807) - PukiWiki Work Diary (Japanese)
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2009-2162
References
JVN : JVN#12244807 National Vulnerability Database (NVD) : CVE-2009-2162 Secunia Advisory : SA35504
Revision History
[2009/06/19] Web page published

Cross-site scripting vulnerability in PukiWikiMod from XOOPS Maniac