[Japanese]

JVNDB-2010-001088

uCosminexus Portal Framework Cross-Site Scripting Vulnerability

Overview

uCosminexus Portal Framework has a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Cosminexus Collaboration Portal
  • Cosminexus Collaboration Portal - Forum/File Sharing
  • Cosminexus Portal Framework
  • Cosminexus Portal Framework - Light
  • Groupmax Collaboration Portal
  • Groupmax Collaboration Web Client - Forum/File Sharing
  • Groupmax Collaboration Web Client - Mail/Schedule
  • JP1/Integrated Management - Service Support
  • uCosminexus Collaboration Portal
  • uCosminexus Collaboration Portal - Forum/File Sharing
  • uCosminexus Content Manager
  • uCosminexus Navigation Platform
  • uCosminexus Navigation Platform - User License
  • uCosminexus Navigation Platform - Authoring License
  • uCosminexus Navigation Developer
  • uCosminexus Portal Framework
  • uCosminexus Portal Framework - Light
  • uCosminexus Electronic Form Workflow QuickStart Edition
  • uCosminexus Electronic Form Workflow QuickStart Edition with HiRDB
  • Electronic Form Workflow Set
  • Electronic Form Workflow Developer Set

Impact

A remote attacker could make users of affected systems unknowingly execute malicious scripts.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS10-001
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/03/03]
      Web page published