JVNDB-2015-000184

[Japanese]
JVNDB-2015-000184
Void vulnerable to cross-site scripting
Overview
Void is an open source content management system (CMS). Void contains a cross-site scripting vulnerability (CWE-79). Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score] Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Joseph Ernest Void versions released prior to October 2, 2015

Impact
An arbitrary script may be executed on the user's web browser.
Solution
[Apply an update] Update to the latest version according to the information provided by the developer.
Vendor Information
Joseph Ernest GitHub : Merge pull request #18 from g-sato/fix_security_bug
CWE (What is CWE?)
Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2015-7777
References
JVN : JVN#20649799 National Vulnerability Database (NVD) : CVE-2015-7777
Revision History
[2015/11/20] Web page was published [2015/11/24] References : Content was added

Void vulnerable to cross-site scripting