[Japanese]

JVNDB-2014-000063

Web Kyukincho vulnerable to cross-site scripting

Overview

Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Intercom, Inc.
  • Web Kyukincho V3 V3 versions prior to 3.0.030

According to the developer, Web Kyukincho Cloud is not affected by this vulnerability.
Impact

An arbitrary script may be executed in the user's web browser.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

According to the developer, Web Kyukincho Cloud is not affected by this vulnerability.
Vendor Information

Intercom, Inc.
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-2006
References

  1. JVN : JVN#80006084
  2. National Vulnerability Database (NVD) : CVE-2014-2006
Revision History

  • [2014/06/25]
      Web page was published
    [2014/07/01]
      References : Content was added