JVNDB-2010-002808

Accela BizSearch Standard Search Page Cross-Site Scripting Vulnerability

Overview

The standard search page of Accela BizSearch contains a cross-site scripting vulnerability.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

Accela Technology
  • Accela BizSearch Gateway Option for Jasmine V3.0L10
  • Accela BizSearch Gateway Option for Jasmine V3.1L10
  • Accela BizSearch Gateway Option for NTFS ACL V3.0L10
  • Accela BizSearch Gateway Option for NTFS ACL V3.1L10
  • Accela BizSearch Gateway Option for TeamWARE V3.0L10
  • Accela BizSearch Gateway Option for TeamWARE V3.1L10
  • Accela BizSearch Gateway Option for Lotus Notes/Domino V3.1L10
  • Accela BizSearch Gateway Option for Lotus Notes/Domino V3.0L10
  • eAccela BizSearch Gateway Option for Jasmine V1.0
  • eAccela BizSearch Gateway Option for Jasmine V2.0
  • eAccela BizSearch Gateway Option for Jasmine V2.1
  • eAccela BizSearch Gateway Option for NTFS ACL V1.0
  • eAccela BizSearch Gateway Option for NTFS ACL V2.0
  • eAccela BizSearch Gateway Option for NTFS ACL V2.1
  • eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0
  • eAccela BizSearch Gateway Option for Lotus Notes/Domino V2.0
  • eAccela BizSearch Gateway Option for Lotus Notes/Domino V2.1
  • eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0 TeamWARE V1.0
  • eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0 TeamWARE V2.0
  • eAccela BizSearch Gateway Option for Lotus Notes/Domino V1.0 TeamWARE V2.1

Impact

By setting up a fraudulent website that exploits an XSS vulnerability in the Accela BizSearch standard search page (the "targeted website") via the Internet, a remote attacker could execute arbitrary code on the computers of visitors (the "victims") who have accessed the website.

Solution

Please refer to the 'Vendor Information' and 'References' sections for countermeasures and take appropriate action.

Vendor Information

Accela Technology
  • Accela Technology Corporation : Top Page (Japanese)
FUJITSU

CWE

  1. Cross-site Scripting (CWE-79) [IPA Evaluation]

CVE

References

Revision History

  • [2011/06/29]
      Web page published