|
[Japanese]
|
JVNDB-2011-000002
|
SGX-SP Final and SGX-SP Final NE vulnerable to cross-site scripting
|
|
SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting.
SGX-SP Final and SGX-SP Final NE are shopping cart software. SGX-SP Final and SGX-SP Final NE are vulnerable to cross-site scripting.
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
WEB INVENTOR
- SGX-SP Final Ver.10.00 and earlier
- SGX-SP Final NE Ver.10.00 and earlier
|
|
|
An arbitrary script may be executed on the user's web browser.
|
|
[Update the software]
Update to the latest version according to the information provided by the developer.
This issue has been resolved in the following versions.
* SGX-SP Final Ver.11.00
* SGX-SP Final NE Ver.11.00
|
|
WEB INVENTOR
|
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
|
- CVE-2010-3926
|
|
- JVN : JVN#86347943
- National Vulnerability Database (NVD) : CVE-2010-3926
- Secunia Advisory : SA42857
- SecurityFocus : 45752
|
|
- [2011/01/13]
Web page published
|
